Malicious PDF — malware analysis report

Static analysis result for SHA-256 0a062951c440283a…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2018-11-23 08:00:36 +03:00
Authoring application: - (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: 31b723389e1ab404306a07d2f0d30397
SHA-1: e19edb9f690956f7666f24443b7e07067d542a22
SHA-256: 0a062951c440283a346991e49671f75d2201ee03b6718739c4455cd1092e40e4
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML classifier and ClamAV detection further support its malicious nature, classifying it as a PDF dropper.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7140542-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140542-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/living-with-multiple-sclerosis-a-social-psychological-analysis.pdf
    • http://www.gorillawalker.com/bismarck-and-germany-1862-1890-seminar-studies-in-history-series.pdf
    • http://www.gorillawalker.com/comentario-b-blico-conciso-holman-spanish-edition.pdf
    • http://www.gorillawalker.com/physicians-split-on-suicide-issue-health-ethics-oregon-doctors-continue.pdf
    • http://www.gorillawalker.com/california-case-tests-workers-claims-of-chemical-exposure-an-article.pdf
    • http://www.gorillawalker.com/the-black-keys-el-camino-play-it-like-it-is.pdf
    • http://www.gorillawalker.com/nadie-me-ofende-impunemente-spanish-edition.pdf
    • http://www.gorillawalker.com/justifying-the-fcc-s-minority-preference-policies-an-article-from.pdf
    • http://www.gorillawalker.com/the-technological-singularity-the-mit-press-essential-knowledge-series.pdf
    • http://www.gorillawalker.com/bourbon-and-stuart-kings-and-kingship-in-france-and-england.pdf
    • http://www.gorillawalker.com/video-poker-for-the-intelligent-beginner.pdf
    • http://www.gorillawalker.com/my-medical-school-my-university.pdf
    • http://www.gorillawalker.com/adventures-in-3d-printing-limitless-possibilities-and-profit-using-3d.pdf
    • http://www.gorillawalker.com/the-autoimmune-epidemic-bodies-gone-haywire-in-a-world-out.pdf
    • http://www.gorillawalker.com/see-you-later-alligator.pdf
    • http://www.gorillawalker.com/our-famous-women-an-authorized-record-of-the-lives-and.pdf
    • http://www.gorillawalker.com/setting-the-agenda-meditations-for-the-organization-s-soul.pdf
    • http://www.gorillawalker.com/beyond-the-state-nigeria-s-search-for-positive-leadership.pdf
    • http://www.gorillawalker.com/sex-in-psychoanalysis.pdf
    • http://www.gorillawalker.com/hacienda-book-1-an-indentured-filly.pdf
    • http://www.gorillawalker.com/aircraft-safety-accident-investigations-analyses-applications-second-edition.pdf
    • http://www.gorillawalker.com/corporate-community-involvement-a-visible-face-of-csr-in-practice.pdf
    • http://www.gorillawalker.com/stem-s-oil-painting-guide-oil-techniques-for-the-contemporary.pdf
    • http://www.gorillawalker.com/30-days-of-night.pdf
    • http://www.gorillawalker.com/cause-lawyering-political-commitments-and-professional-responsibilities-oxford-socio-legal.pdf
    • http://www.gorillawalker.com/billy-graham-christian-worker-handbook.pdf
    • http://www.gorillawalker.com/introduction-to-astrophysics-the-stars-dover-books-on-physics.pdf
    • http://www.gorillawalker.com/the-backup-boyfriend-boyfriend-chronicles-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/avoiding-the-dark-race-and-the-forging-of-national-culture.pdf
    • http://www.gorillawalker.com/weak-two-opens-and-pre-emptive-bids-bridge-concepts-and.pdf
    • http://www.gorillawalker.com/the-foreign-burial-of-american-war-dead-a-history.pdf
    • http://www.gorillawalker.com/a-gathering-of-crows.pdf
    • http://www.gorillawalker.com/letters-home-the-wartime-correspondence-and-diary-of-john-edwin.pdf
    • http://www.gorillawalker.com/redefining-our-relationships-guidelines-for-responsible-open-relationships.pdf
    • http://www.gorillawalker.com/chinese-circulations-capital-commodities-and-networks-in-southeast-asia.pdf
    • http://www.gorillawalker.com/imperial-legacy.pdf
    • http://www.gorillawalker.com/regional-missile-defense-from-a-global-perspective.pdf
    • http://www.gorillawalker.com/statistischer-unsinn-wenn-medien-an-der-prozenth-rde-scheitern-german.pdf
    • http://www.gorillawalker.com/rigoletto-italian-edition.pdf
    • http://www.gorillawalker.com/the-thin-black-line-true-stories-by-black-law-enforcement.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/