Malicious PDF — malware analysis report

Static analysis result for SHA-256 066e48b0f13d6d70…

Verdict: MALICIOUS

File type: PDF

Size: 43.1 KB
Created: 2018-11-21 20:53:06 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 5fe22757c9dbfd2be3c68465fe11df11
SHA-1: 8b0eb4df5cbc0663c47be0247c40a25aa0c410ea
SHA-256: 066e48b0f13d6d70bd9130e23ff7dea5059bffdd1ecfd0383b76f89d69428b46
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries 40 external links, every one pointing at a .pdf path on a single host (www.gorillawalker.com), which is the signature of a generated link-farm or redirection document rather than of genuine citations. This is supported by the PDF_SEO_LINK_FARM heuristic, the ClamAV signature Pdf.Dropper.Agent-7140687-0 and the ML_NYX_PDF_MALICIOUS classification. The apparent purpose is to route readers to a domain hosting a large number of PDF documents, either for SEO manipulation or to serve further malicious content from those pages. Static analysis alone does not show what the linked files deliver; the verdict rests on the link pattern, the signature match and the classifier score.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7140687-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140687-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. A URL by itself is not a detection; the per-URL labels show which channel (macro, JS, link annotation, document body, ...) reached each one. Those labels are not reproduced in the listing below, so note when reading it: the 40 www.gorillawalker.com entries are the external same-host PDF links that match the pattern PDF_SEO_LINK_FARM describes, while the trailing w3.org, purl.org, ns.adobe.com and aiim.org entries are RDF, Dublin Core, XMP and PDF/A schema namespace identifiers from the document's XMP metadata, not navigable links.
    • http://www.gorillawalker.com/seduced-by-the-vampire-countess.pdf
    • http://www.gorillawalker.com/my-father-is-taller-than-a-tree.pdf
    • http://www.gorillawalker.com/memories-firehouse-family.pdf
    • http://www.gorillawalker.com/conversi-n-en-pirit-colombia-spanish-edition.pdf
    • http://www.gorillawalker.com/h-p-lovecraft-s-magazine-of-horror-2-book-edition.pdf
    • http://www.gorillawalker.com/white-flower-a-maya-princess.pdf
    • http://www.gorillawalker.com/anselm-s-other-argument.pdf
    • http://www.gorillawalker.com/virginia-s-presidential-homes-images-of-america-images-of-america.pdf
    • http://www.gorillawalker.com/the-lego-technic-idea-book-simple-machines.pdf
    • http://www.gorillawalker.com/the-complete-encyclopedia-of-illustration-a-collection-of-beautiful-engravings.pdf
    • http://www.gorillawalker.com/chivalrous-valiant-hearts-book-2.pdf
    • http://www.gorillawalker.com/all-about-mortgages-insider-tips-to-finance-or-refinance-your.pdf
    • http://www.gorillawalker.com/colonizing-sex-sexology-and-social-control-in-modern-japan-colonialisms.pdf
    • http://www.gorillawalker.com/die-reise-der-drachen-auf-der-suche-nach-dem-feuerdrachen.pdf
    • http://www.gorillawalker.com/les-territoires-face-aux-changements-climatiques-une-premi-re-g.pdf
    • http://www.gorillawalker.com/pc-repair-blackboard-gold-printed-access-code-card.pdf
    • http://www.gorillawalker.com/social-security-2002-legislation.pdf
    • http://www.gorillawalker.com/new-directions-in-quantum-chromodynamics-seoul-and-kyungju-korea-may.pdf
    • http://www.gorillawalker.com/darkening-of-the-light-witnessing-the-end-of-an-era.pdf
    • http://www.gorillawalker.com/biologically-active-atrial-peptides-american-society-of-hypertension-series-vol.pdf
    • http://www.gorillawalker.com/la-hija-de-celestina-letras-hispanicas-hispanic-writings-spanish-edition.pdf
    • http://www.gorillawalker.com/doing-bed-and-breakfast.pdf
    • http://www.gorillawalker.com/tango-dance-the-song-the-story.pdf
    • http://www.gorillawalker.com/montreal-cityguide-cityguides-globe-pequot-press.pdf
    • http://www.gorillawalker.com/a-son-of-the-forest-and-other-writings.pdf
    • http://www.gorillawalker.com/the-new-geography-of-jobs.pdf
    • http://www.gorillawalker.com/not-so-fast-songololo.pdf
    • http://www.gorillawalker.com/the-guerilla-marketing-building-effective-lead-capture-web-pages-affiliate.pdf
    • http://www.gorillawalker.com/complex-dispute-resolution.pdf
    • http://www.gorillawalker.com/lost-treasure-torchlight-my-first-discoveries.pdf
    • http://www.gorillawalker.com/medieval-sexuality-a-research-guide-garland-medieval-bibliographies.pdf
    • http://www.gorillawalker.com/tumble-turns-an-autobiography.pdf
    • http://www.gorillawalker.com/ordeal-by-fire-the-civil-war-and-reconstruction.pdf
    • http://www.gorillawalker.com/learning-sequences-in-music-a-contemporary-music-learning-theory-2012.pdf
    • http://www.gorillawalker.com/jezabel-spanish-edition.pdf
    • http://www.gorillawalker.com/stories-of-survival-arkansas-farmers-during-the-great-depression.pdf
    • http://www.gorillawalker.com/uther-and-igraine-grosset-dunlap-edition.pdf
    • http://www.gorillawalker.com/hoyle-s-games-modernized-cards-board-games-and-billiards.pdf
    • http://www.gorillawalker.com/reporting-in-counselling-and-psychotherapy-a-trainee-s-guide-to.pdf
    • http://www.gorillawalker.com/understanding-psychology-with-dsm-5-update-10th-edition.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
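The link-farm heuristic and the per-channel URL labelling described above, as an added example that is not part of this report or of the scanner that produced it. It pulls /URI targets out of link annotations in raw PDF bytes, labels xmlns declarations from the XMP metadata stream separately so they are never counted as links, and flags a small file whose clickable links cluster on one host and point at .pdf paths. The thresholds, the function names and the sample PDF bytes are assumptions constructed for this example; the only value reused from the report is the host name.

```python
# Added example (not code from the report or from the scanner it describes):
# a minimal re-implementation of a PDF_SEO_LINK_FARM style heuristic plus the
# per-channel URL labelling that the EMBEDDED_URL item refers to. Thresholds and
# the sample PDF bytes below are assumptions constructed for this example.
import re
from collections import Counter
from urllib.parse import urlparse

# /URI (...) inside a link action dictionary. This only sees uncompressed object
# dictionaries: objects packed into /ObjStm streams (PDF 1.5+) must be inflated
# first (pypdf, or `qpdf --object-streams=disable`). Escaped parentheses and
# hex-string (<...>) URIs are not handled by this simple pattern.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# xmlns declarations in the XMP metadata stream: schema identifiers, not links.
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_.-]+="([^"]*)"')

MAX_SIZE_BYTES = 100 * 1024  # "small PDF" (assumed threshold)
MIN_LINKS = 20               # assumed threshold
DOMINANT_SHARE = 0.8         # share of links on one host / pointing at .pdf (assumed)


def extract_link_uris(pdf_bytes: bytes) -> list[str]:
    """Return the targets of /URI link actions, in document order."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]


def extract_urls_by_channel(pdf_bytes: bytes) -> list[tuple[str, str]]:
    """Label each extracted URL with the channel it was found in."""
    found = [(u, "link_annotation") for u in extract_link_uris(pdf_bytes)]
    found += [(m.group(1).decode("latin-1"), "xmp_namespace")
              for m in XMLNS_RE.finditer(pdf_bytes)]
    return found


def link_farm_verdict(pdf_bytes: bytes) -> dict:
    """Flag a small PDF whose clickable links cluster on one host and target .pdf files."""
    external = [u for u in extract_link_uris(pdf_bytes)
                if urlparse(u).scheme in ("http", "https")]
    hosts = Counter(urlparse(u).netloc.lower() for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    pdf_targets = sum(urlparse(u).path.lower().endswith(".pdf") for u in external)
    n = len(external)
    flagged = (
        len(pdf_bytes) <= MAX_SIZE_BYTES
        and n >= MIN_LINKS                      # short-circuits before any division
        and top_count / n >= DOMINANT_SHARE
        and pdf_targets / n >= DOMINANT_SHARE
    )
    return {"flagged": flagged, "links": n, "top_host": top_host,
            "top_host_share": round(top_count / n, 2) if n else 0.0}


def build_sample_pdf(urls: list[str]) -> bytes:
    """Constructed sample: PDF-like bytes with one link annotation per URL plus an
    XMP metadata stream. Not a fully valid PDF (no xref); enough for the regex scan."""
    parts = [b"%PDF-1.3\n"]
    for i, u in enumerate(urls, start=1):
        parts.append(b"%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                     b"/A << /S /URI /URI (%s) >> >>\nendobj\n" % (i, u.encode("latin-1")))
    parts.append(b"%d 0 obj\n<< /Type /Metadata /Subtype /XML >>\nstream\n"
                 b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
                 b'xmlns:dc="http://purl.org/dc/elements/1.1/"/>\nendstream\nendobj\n'
                 % (len(urls) + 1))
    return b"".join(parts) + b"%%EOF\n"


# Constructed inputs: the host is the one from the report, the paths are invented.
SAMPLE_FARM = build_sample_pdf(
    [f"http://www.gorillawalker.com/sample-title-{n}.pdf" for n in range(24)]
    + ["https://example.com/about.html"])
SAMPLE_BENIGN = build_sample_pdf(
    ["https://example.org/paper.pdf", "https://example.com/"])

if __name__ == "__main__":
    print(link_farm_verdict(SAMPLE_FARM))
    print(link_farm_verdict(SAMPLE_BENIGN))
    print(Counter(ch for _, ch in extract_urls_by_channel(SAMPLE_FARM)))
```

Run it as a plain script; the first verdict is flagged (25 links, 24 of them on one host and all .pdf), the second is not, and the channel count shows the two namespace URIs kept apart from the 25 link annotations. On real samples, parse with a PDF library instead of regex so that object streams, escaped strings and hex-encoded URIs are handled, and treat the metadata namespaces exactly as the report does: as extracted URLs, not as indicators.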