Malicious PDF — malware analysis report

Static analysis result for SHA-256 0766df6e922df398…

Verdict: MALICIOUS
File type: PDF
Size: 33.5 KB
Created: 2019-09-30 03:02:15 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: 8bba1f42ac9f1de336a33a26930e3984
SHA-1: 9e1991af4dc664bdd13f62530417e68c80393a42
SHA-256: 0766df6e922df398cbc5d8d794c3ecfdafa88e265e1cc8c6f6aedd03f8848e91
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was identified as malicious by ClamAV and an ML classifier, and it contains a large number of embedded links to external PDF files. This suggests a link farm or SEO poisoning attack, where the document's primary purpose is to drive traffic to other resources. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    The small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7340410-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7340410-0
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.