Malicious PDF — malware analysis report

Static analysis result for SHA-256 0414172f8a575630…

Verdict: MALICIOUS
File type: PDF
Size: 33.0 KB
Created: 2019-09-20 05:40:57 +03:00
Authoring application: Apache FOP Version 2.1
MD5: 5b87f8bc7d631a7c5c63ac26668ca744
SHA-1: 9fb8243d40ae172591514b92ea8506b9850f5b28
SHA-256: 0414172f8a5756306cc64012328d45ddfb4615bf01ec7492cfd6b6e75208e669
Risk Score: 192

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, many of which appear to be SEO-optimized book titles, suggesting a link farm or content-spinning operation. The heuristic 'SE_ADVANCE_FEE_SCAM_LURE' strongly indicates the document's content is designed to trick users into fraudulent schemes involving prizes or parcels. ClamAV also detected this file as a dropper.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (4)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7197808-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7197808-0
  • Advance-fee lottery/parcel scam lure (high, SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/best-easy-day-hikes-grand-staircase-escalante-the-glen-canyon.pdf
    • http://www.gorillawalker.com/wonderful-for-a-little-boy-and-his-grandma.pdf
    • http://www.gorillawalker.com/alfred-12-0571529372-big-pop-instrumental-solos-tenor-saxophone.pdf
    • http://www.gorillawalker.com/collins-ultimate-scrabble-dictionary-and-wordlist.pdf
    • http://www.gorillawalker.com/curvas-del-alma-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/the-bent-guide-to-gay-lesbian-canada.pdf
    • http://www.gorillawalker.com/uniform-regulations-united-states-marine-corps-1937.pdf
    • http://www.gorillawalker.com/air-transport-system-analysis-and-modelling-transportation-studies.pdf
    • http://www.gorillawalker.com/god-and-the-pyramid-the-rise-and-fall-of-messianic.pdf
    • http://www.gorillawalker.com/rio-de-janeiro-a-city-on-fire-writer-and-the.pdf
    • http://www.gorillawalker.com/introduction-to-tropical-agriculture-information-technology-education-higher-education-press.pdf
    • http://www.gorillawalker.com/bad-bears-go-visiting-irving-muktuk-story.pdf
    • http://www.gorillawalker.com/elektrische-maschinen-erster-band-allgemeine-berechnungselemente-die-gleichstrommaschinen-german-edition.pdf
    • http://www.gorillawalker.com/deeper-dating-how-to-drop-the-games-of-seduction-and.pdf
    • http://www.gorillawalker.com/midnight-cry-ttbb.pdf
    • http://www.gorillawalker.com/annie-oakley-little-sure-shot-american-biographies.pdf
    • http://www.gorillawalker.com/fashion-details-1-000-ideas-from-neckline-to-waistline-pockets.pdf
    • http://www.gorillawalker.com/101-youth-football-coaching-sessions-101-drills-by-charles-tony.pdf
    • http://www.gorillawalker.com/philadelphia-laminated-pocket-map-by-pocket-pilot.pdf
    • http://www.gorillawalker.com/evolution-of-surface-and-thin-film-microstructure-volume-280-mrs.pdf
    • http://www.gorillawalker.com/a-simple-guide-to-breath-sounds-related-diseases-and-use.pdf
    • http://www.gorillawalker.com/japanese-goth.pdf
    • http://www.gorillawalker.com/jim-cramer-s-get-rich-carefully-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/black-rose-alice-vol-1.pdf
    • http://www.gorillawalker.com/generative-emergence-a-new-discipline-of-organizational-entrepreneurial-and-social.pdf
    • http://www.gorillawalker.com/confessions-penguin-classics.pdf
    • http://www.gorillawalker.com/snorkel-maui-lanai-and-molokai-guide-to-the-beaches-and.pdf
    • http://www.gorillawalker.com/asymmetric-crisis-in-europe-and-possible-futures-critical-political-economy.pdf
    • http://www.gorillawalker.com/first-things-first.pdf
    • http://www.gorillawalker.com/classical-trumpet-discover-the-lead.pdf
    • http://www.gorillawalker.com/natural-wonders-color-art-for-everyone-6704.pdf
    • http://www.gorillawalker.com/the-ocean-basins-and-margins-the-indian-ocean.pdf
    • http://www.gorillawalker.com/pread-the-best-of-the-magazine-that-illuminated-the-sex.pdf
    • http://www.gorillawalker.com/pollution-and-the-powerless-the-environmental-justice-movement-impact-books.pdf
    • http://www.gorillawalker.com/second-chance-for-your-money-your-life-and-our-world.pdf
    • http://www.gorillawalker.com/chevron-deference-litigator-series.pdf
    • http://www.gorillawalker.com/guitar-tab-workbook.pdf
    • http://www.gorillawalker.com/declining-jurisdiction-in-private-international-law-oxford-monographs-in-private.pdf
    • http://www.gorillawalker.com/abc-kids.pdf
    • http://www.gorillawalker.com/harmonizer-volume-1.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/