Malicious PDF — malware analysis report

Static analysis result for SHA-256 0aea8e1428d027cb…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-11-21 20:52:44 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.40.9)
MD5: be94cb8fb8f30e5cbec78e47be22e4ac
SHA-1: 2197729c7a3aef5375170416ac7da02b2264d88b
SHA-256: 0aea8e1428d027cb42985f11d7917051a5e55838f6d6257dd9c98c7fbbc63a0b
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The critical heuristic firing for PDF_SEO_LINK_FARM reveals a mass of external PDF links, suggesting a link-farming or content distribution scheme. The embedded URLs are likely part of this scheme, potentially leading to further malicious content or SEO manipulation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7227085-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7227085-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.