Malicious PDF — malware analysis report

Static analysis result for SHA-256 0691a96411d6ffe4…

MALICIOUS

PDF

File size: 43.0 KB
Created: 2019-04-04 16:23:11 +03:00
Authoring application: Acrobat PDFMaker 10.1 for Word (via Adobe PDF Library 10.0)
MD5: 5a35674459e9f476e0498e6badc6d408
SHA-1: bcb8ef908e37cc1869b1e81b9e5f2fc1ccc9d0a8
SHA-256: 0691a96411d6ffe45fa57d4a1eb2d65788a47a4ec02a218fe57b555526f714ae
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. This suggests the document is designed to drive traffic to a specific domain, potentially for SEO manipulation or to serve as a distribution point for other malicious content. The ClamAV detection and ML classifier further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7159662-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7159662-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.