Malicious PDF — malware analysis report

Static analysis result for SHA-256 0a9ccc4e0541cbe6…

Verdict: MALICIOUS
File type: PDF
Size: 44.3 KB
Created: 2018-12-02 20:18:02 +03:00
Authoring application: TeX (via pdfTeX-1.40.17)
MD5: 888297040113ca6050383c37852bc3c9
SHA-1: 415495c2451e4784ae4c9610c230460537769c2f
SHA-256: 0a9ccc4e0541cbe6e07ef153cc3582cff2479cd4192a252cd8349a235ca62ed2
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF is small (44.3 KB) yet carries a large number of clickable links to external PDF files, nearly all on a single host (www.gorillawalker.com). A real document's citations do not look like this; the pattern matches generated SEO/link-farm carriers whose purpose is to route readers into malicious or unwanted-software delivery chains. The file is therefore a lure rather than a self-contained exploit: the harm occurs when a user follows one of the links. The ClamAV signature (Pdf.Dropper.Agent-7139761-0) and the ML classifier both support the malicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7139761-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7139761-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; the channel that reached each URL (macro, JavaScript, link annotation, document body, metadata, ...) determines how much weight it carries. The 40 URLs below are the clickable link targets, all on www.gorillawalker.com and all ending in .pdf:
    • http://www.gorillawalker.com/busy-farm-count-to-10-books-in-action.pdf
    • http://www.gorillawalker.com/linux-networking-cookbook.pdf
    • http://www.gorillawalker.com/the-thinking-body-a-study-of-the-balancing-forces-of.pdf
    • http://www.gorillawalker.com/wrecks-and-other-plays.pdf
    • http://www.gorillawalker.com/ged-official-practice-test-test-booklet-pb-spanish-math-2.pdf
    • http://www.gorillawalker.com/principles-and-practice-of-psychopharmacotherapy.pdf
    • http://www.gorillawalker.com/tony-southgate-from-drawing-board-to-chequered-flag-the-autobiography.pdf
    • http://www.gorillawalker.com/nonlinear-functional-analysis-and-its-applications-i-fixed-point-theorems.pdf
    • http://www.gorillawalker.com/enhancing-global-governance-towards-a-new-diplomacy-foundations-of-peace.pdf
    • http://www.gorillawalker.com/five-minute-art-draw.pdf
    • http://www.gorillawalker.com/collectible-pocket-knives-collectibles.pdf
    • http://www.gorillawalker.com/the-dentists-guide-to-medical-billing.pdf
    • http://www.gorillawalker.com/foods-that-harm-foods-that-heal.pdf
    • http://www.gorillawalker.com/geographic-information-systems-for-the-social-sciences-investigating-space-and.pdf
    • http://www.gorillawalker.com/europe-1780-1830.pdf
    • http://www.gorillawalker.com/texas-advance-sheet-february-2012-kindle-edition.pdf
    • http://www.gorillawalker.com/ritual-communication-from-everyday-conversation-to-mediated-ceremony.pdf
    • http://www.gorillawalker.com/apple-acre-nature-classics-library.pdf
    • http://www.gorillawalker.com/i-was-here-kindle-edition.pdf
    • http://www.gorillawalker.com/the-art-of-bmw-85-years-of-motorcycling-excellence-ill.pdf
    • http://www.gorillawalker.com/the-oxford-handbook-of-kierkegaard-oxford-handbooks.pdf
    • http://www.gorillawalker.com/eisenhower-s-atoms-for-peace-library-of-presidential-rhetoric.pdf
    • http://www.gorillawalker.com/ballroom-world-dance-book-revised-4th-revised-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/neuroscience-in-the-courtroom-what-every-lawyer-should-know-about.pdf
    • http://www.gorillawalker.com/black-decker-the-complete-guide-to-flooring-with-dvd-3rd.pdf
    • http://www.gorillawalker.com/identity-in-transformation-postmodernity-postcommunism-and-globalization.pdf
    • http://www.gorillawalker.com/applied-structural-steel-design.pdf
    • http://www.gorillawalker.com/ideas-details-a-guide-to-college-writing-with-infotrac.pdf
    • http://www.gorillawalker.com/contending-nationalisms-of-oromia-and-ethiopia-struggling-for-statehood-sovereignty.pdf
    • http://www.gorillawalker.com/all-audio-french-cd-ll-r-all-audio-courses.pdf
    • http://www.gorillawalker.com/bernie-flies-a-helicopter.pdf
    • http://www.gorillawalker.com/so-long-constipation-part-1.pdf
    • http://www.gorillawalker.com/the-concise-oxford-dictionary-of-english-place-names.pdf
    • http://www.gorillawalker.com/core-skills-writing-reproducible-grade-3.pdf
    • http://www.gorillawalker.com/the-prostate-massage-manual-what-every-man-needs-to-know.pdf
    • http://www.gorillawalker.com/healthy-intelligent-training-the-proven-principles-of-arthur-lydiard.pdf
    • http://www.gorillawalker.com/long-bomb-how-the-xfl-became-tv-s-biggest-fiasco.pdf
    • http://www.gorillawalker.com/i-love-hockey-j-aime-le-hockey-french-english-dual.pdf
    • http://www.gorillawalker.com/jumbo-book-of-codebreakers-jumbo-320-pbscw.pdf
    • http://www.gorillawalker.com/graphene-optoelectronics-synthesis-characterization-properties-and-applications.pdf
    The remaining nine URIs are namespace identifiers from the document's XMP metadata packet (RDF, Dublin Core, XMP, Adobe PDF and PDF/A extension schemas). They are standard, are not clickable link targets, and carry no weight in the verdict:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
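The two heuristics above (the link-farm rule and the channel distinction between clickable link targets and XMP metadata URIs) can be reproduced over raw PDF syntax without a PDF library. The following is an added example, not the scanner's own code: it extracts /URI actions as hyperref/pdfTeX writes them, inflates FlateDecode streams so links hidden in object streams are seen too, separates xmlns namespace URIs, and applies assumed thresholds (file size, link count, .pdf share, single-host share). The specimen PDF it builds is constructed for the demonstration and is not the analysed file; the hostnames farm.example and other.example are placeholders.

```python
"""Link-farm heuristic over raw PDF syntax (stdlib only). Added example; regexes
and thresholds are assumptions, not the scanner's implementation."""
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# hyperref/pdfTeX emits clickable links as  /A << /Type /Action /S /URI /URI (http://...) >>
# Caveat: a ')' inside a URL would be backslash-escaped in real files; not handled here.
URI_ACTION = re.compile(rb'/S\s*/URI\s*/URI\s*\(([^)]*)\)')
# XMP namespace declarations look like  xmlns:pdf="http://ns.adobe.com/pdf/1.3/"
XMLNS_DECL = re.compile(rb'xmlns:[\w.-]+="([^"]+)"')
STREAM = re.compile(rb'stream\r?\n(.*?)\r?\nendstream', re.S)


def inflate_streams(pdf: bytes):
    """Yield the raw file body, then every stream that inflates cleanly (FlateDecode)."""
    yield pdf
    for m in STREAM.finditer(pdf):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # uncompressed or non-Flate stream: already covered by the raw body


def extract_urls(pdf: bytes):
    """Return (link_targets, xmp_namespaces): clickable URI actions vs metadata URIs."""
    links, namespaces = [], []
    for chunk in inflate_streams(pdf):
        links += [m.group(1).decode('latin-1') for m in URI_ACTION.finditer(chunk)]
        namespaces += [m.group(1).decode('latin-1') for m in XMLNS_DECL.finditer(chunk)]
    return links, sorted(set(namespaces))


def link_farm_verdict(pdf: bytes, max_size=200_000, min_links=20,
                      min_pdf_share=0.8, min_host_share=0.8):
    """Flag a small PDF whose links are mostly .pdf targets clustered on one host."""
    links, _ = extract_urls(pdf)
    n = len(links)
    if len(pdf) > max_size or n < min_links:
        return {'flag': False, 'links': n}
    pdf_share = sum(urlsplit(u).path.lower().endswith('.pdf') for u in links) / n
    host, count = Counter(urlsplit(u).hostname for u in links).most_common(1)[0]
    host_share = count / n
    return {'flag': pdf_share >= min_pdf_share and host_share >= min_host_share,
            'links': n, 'top_host': host,
            'host_share': round(host_share, 3), 'pdf_share': round(pdf_share, 3)}


def _annot(num: int, url: str) -> bytes:
    """One Link annotation object with a URI action (hyperref-style syntax)."""
    return (f'{num} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] '
            f'/A << /Type /Action /S /URI /URI ({url}) >> >>\nendobj\n').encode()


def build_sample_pdf() -> bytes:
    """Constructed specimen (not the analysed file): 24 .pdf links on one host plus
    2 on another, half of them inside a Flate-compressed stream, and an uncompressed
    XMP packet declaring two of the namespaces listed in the report."""
    farm = [f'http://farm.example/book-{i}.pdf' for i in range(24)]
    other = ['http://other.example/about.html', 'http://other.example/x.pdf']
    plain = b''.join(_annot(10 + i, u) for i, u in enumerate(farm[:12] + other[:1]))
    packed = zlib.compress(b''.join(_annot(40 + i, u) for i, u in enumerate(farm[12:] + other[1:])))
    xml = (b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>')
    xmp = (b'9 0 obj\n<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n' % len(xml)
           + xml + b'\nendstream\nendobj\n')
    objstm = (b'8 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length %d >>\nstream\n' % len(packed)
              + packed + b'\nendstream\nendobj\n')
    return b'%PDF-1.5\n' + plain + xmp + objstm + b'%%EOF\n'


if __name__ == '__main__':
    sample = build_sample_pdf()
    targets, ns = extract_urls(sample)
    print(len(targets), 'link targets;', len(ns), 'XMP namespaces')
    print(link_farm_verdict(sample))
```

The inflated-stream pass is what keeps the rule honest on PDF 1.5+ files, where annotation dictionaries usually live inside compressed object streams and a grep over the raw file finds nothing; the scan does not parse the ObjStm offset header, it simply applies the same regex to the inflated bytes. Treat the namespace list as context only, as the report does: the xmlns URIs are identifiers the authoring tool writes into every file, and a scanner that counted them as links would produce noise on any PDF/A-aware producer such as pdfTeX.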