Malicious PDF — malware analysis report

Static analysis result for SHA-256 03b1e59df99184ce…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2019-09-08 11:55:12 +03:00
Authoring application: soft Xpansion Perfect PDF 5 Premium (via PDF Xpansion 5.7.8)
MD5: ee21bb6f78e0e6b8d90bbd784299b21c
SHA-1: cd6acb77d6dbe8ee28a7474c0eb4ed52ab75533d
SHA-256: 03b1e59df99184ce670c762a1d37b1a6ef1906b361ac524c74fd040011d7add4
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was flagged by ClamAV as Pdf.Dropper.Agent-7159145-0 and a machine learning classifier indicated a high probability of maliciousness. The heuristic 'PDF_SEO_LINK_FARM' indicates the presence of numerous external links, suggesting a tactic to either boost search engine rankings or distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8015

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7159145-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7159145-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection: see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.