Malicious PDF — malware analysis report

Static analysis result for SHA-256 05aca6b3c3df7101…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2019-02-13 19:54:30 +03:00
Authoring application: - (via Acrobat Distiller 3.0 for Power Macintosh)
MD5: a519c239692b33ca0c3bc27d6e668f2a
SHA-1: 30b9171bd4b7580978aead17a9eaf234ca0114cd
SHA-256: 05aca6b3c3df71013950dadea3726b6e0f189e0891fe10844a2d7f3a4b6f9e95
Risk Score: 192

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF was identified as malicious by a machine learning classifier and ClamAV, specifically as a dropper. The document body contains numerous embedded URLs, forming a link farm, with the primary URL pointing to a suspicious PDF. This suggests the document's purpose is to trick the user into downloading a secondary malicious PDF, likely containing an advance-fee scam lure as indicated by the SE_ADVANCE_FEE_SCAM_LURE heuristic.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (4)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7143144-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7143144-0
  • Advance-fee lottery/parcel scam lure [high] SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/stone-the-beast.pdf