Malicious PDF — malware analysis report

Static analysis result for SHA-256 0b98366a3ffca20c…

MALICIOUS

PDF

Size: 47.3 KB
Created: 2018-11-21 20:53:12 +03:00
Authoring application: ABBYY FineReader (via -)
MD5: 4da41e71c5dba90c4f48c6ce6e44139d
SHA-1: 2b9834a8a7483aa6d92cd197e260700930bc5104
SHA-256: 0b98366a3ffca20c89c9467c8adbc0de881be691f45a60989f4f42a9646fa6e4
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The critical PDF_SEO_LINK_FARM heuristic indicates the presence of a mass external PDF link farm, with 32 links found. This suggests the document's primary purpose is to act as a link aggregator, potentially for SEO manipulation or to distribute other malicious files. The ML classifier and ClamAV detection further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7142642-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142642-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.