Malicious PDF — malware analysis report

Static analysis result for SHA-256 051d9bd4c12fd60d…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-11-23 20:55:23 +03:00
Authoring application: LaTeX with hyperref package (via XeTeX 0.99992)
MD5: 06c2949e579c097eefd9cd1a32a93a7b
SHA-1: caaeda2b5391b9524916827c0c0cbcf702fe8cd4
SHA-256: 051d9bd4c12fd60d4e4c867460f8025b4e6b59edeb882535eb146a89ed38ef67
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by multiple heuristics, including a critical finding for a 'PDF_SEO_LINK_FARM' indicating a large number of external links. ClamAV also detected it as a dropper. The embedded URLs, all pointing to .pdf files on the same domain, suggest a link-farming or content-distribution scheme. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (3)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7224040-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7224040-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/original-natural-hygiene-weight-loss-diet-book.pdf
    • http://www.gorillawalker.com/gender-crime-and-criminal-justice-second-edition.pdf
    • http://www.gorillawalker.com/george-washington-carver-scientist-and-teacher-rookie-biography.pdf
    • http://www.gorillawalker.com/taking-the-vegan-challenge-a-guide-to-going-vegan-for.pdf
    • http://www.gorillawalker.com/dartmoor-tors-a-pocket-guide.pdf
    • http://www.gorillawalker.com/fx-insider-investment-bank-chief-foreign-exchange-trader-with-more.pdf
    • http://www.gorillawalker.com/mosby-s-respiratory-care-equipment-text-and-e-book-package.pdf
    • http://www.gorillawalker.com/the-development-of-the-cartography-of-america-up-to-the.pdf
    • http://www.gorillawalker.com/democracy-and-civil-society-in-arab-political-thought-transcultural-possibilities.pdf
    • http://www.gorillawalker.com/outrageous-acts-and-everyday-rebellions-second-edition-owlet-book.pdf
    • http://www.gorillawalker.com/the-story-of-barbie.pdf
    • http://www.gorillawalker.com/grizzly-riddles-easy-to-read.pdf
    • http://www.gorillawalker.com/dominion-the-power-of-man-the-suffering-of-animals-and.pdf
    • http://www.gorillawalker.com/vocabulary-power-plus-for-the-new-sat-book-3.pdf
    • http://www.gorillawalker.com/fun-and-games-tutor-bk2-method-for-descant-soprano-recorder.pdf
    • http://www.gorillawalker.com/variable-rate-working-memories-for-phonetic-categorization-and-invariant-speech.pdf
    • http://www.gorillawalker.com/study-guide-for-introduction-to-clinical-pharmacology.pdf
    • http://www.gorillawalker.com/using-multivariate-statistics-5th-edition.pdf
    • http://www.gorillawalker.com/algeria-investment-and-business-guide.pdf
    • http://www.gorillawalker.com/a-little-spider-s-alphabet-adventure-an-amazing-abc-book.pdf
    • http://www.gorillawalker.com/zen-dawn-in-the-west-three-pillars-of-zen-two.pdf
    • http://www.gorillawalker.com/birthing-from-within-an-extra-ordinary-guide-to-childbirth-preparation.pdf
    • http://www.gorillawalker.com/theory-of-elasticity-engineering-societies-monographs.pdf
    • http://www.gorillawalker.com/the-hitman-diaries.pdf
    • http://www.gorillawalker.com/cosmic-coastal-chronicles.pdf
    • http://www.gorillawalker.com/failed-statebuilding-intervention-the-state-and-the-dynamics-of-peace.pdf
    • http://www.gorillawalker.com/the-pill-book-14th-edition-the-illustrated-guide-to-the.pdf
    • http://www.gorillawalker.com/the-wright-brothers-and-the-science-of-flight-explosion-zone.pdf
    • http://www.gorillawalker.com/passing-on-bypass-using-external-counterpulsation-an-fda-cleared-alternative.pdf
    • http://www.gorillawalker.com/lune-rouge-nouvelle-edition-les-forces-du-cycle-f-minin.pdf
    • http://www.gorillawalker.com/bloodletter.pdf
    • http://www.gorillawalker.com/trek.pdf
    • http://www.gorillawalker.com/the-silver-bridge-tragedy.pdf
    • http://www.gorillawalker.com/innovation-entrepreneurship-and-the-economy-in-the-us-china-and.pdf
    • http://www.gorillawalker.com/beautifully-brutal-southern-boy-mafia-volume-1.pdf
    • http://www.gorillawalker.com/fullmetal-alchemist-vol-19.pdf
    • http://www.gorillawalker.com/prioritization-delegation-and-assignment-practice-exercises-for-the-nclex-examination.pdf
    • http://www.gorillawalker.com/complete-works-and-letters-german-library.pdf
    • http://www.gorillawalker.com/little-big-heart.pdf
    • http://www.gorillawalker.com/from-cancer-patient-to-cancer-survivor-lost-in-transition-an.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/