Malicious PDF — malware analysis report

Static analysis result for SHA-256 050a9151af36bedb…

MALICIOUS

PDF

Size: 35.4 KB
Created: 2019-07-20 22:37:26 +03:00
Authoring application: AH XSL Formatter V6.1 MR6 for Windows (x64) : 6.1.11.18624 (via Antenna House PDF Output Library 6.1.610 (Windows (x64)))
MD5: 4ca8c6017dcc8b01749dc334793f3291
SHA-1: 613804e42347840fb5d66f3a4e1689d456460e62
SHA-256: 050a9151af36bedbd503152ad8ead42d566ff6caebbc204c64cf6e57ee89cccf
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the document is likely part of a link farm or SEO manipulation scheme, potentially leading to malicious content or phishing sites. The ML classifier and ClamAV detection further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains a mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV signature Pdf.Dropper.Agent-7128128-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7128128-0
  • EMBEDDED_URL (info): Embedded URLs
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.