Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ba79bac11c98957…

Verdict: MALICIOUS
File type: PDF
Size: 44.9 KB
Created: 2018-12-15 08:52:27 +03:00
Authoring application: FrameMaker 5.5.6p145 (via Acrobat Distiller 6.0 (Windows))
MD5: 533746020079d54edd462d0ad50dce84
SHA-1: 7f91c4340e7333028208a81378815d0e90ef85c6
SHA-256: 0ba79bac11c9895733cdf38c1c828b1dc121c94fc1832220f796f0852fa9f371
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malware. ClamAV detected this as Pdf.Dropper.Agent-7142918-0, and an ML classifier also flagged it as malicious. The embedded links suggest an attempt to redirect users to potentially harmful content hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7142918-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142918-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.