Malicious PDF — malware analysis report

Static analysis result for SHA-256 0c14ba2cbccf5367…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-15 08:11:06 +03:00
Authoring application: Pscript.dll Version 5.0 (via AFPL Ghostscript 8.50)
MD5: 5d0ad656caf71bd537673050628efb4e
SHA-1: e3ccfac727e639a076c7273bb2d312436af5b455
SHA-256: 0c14ba2cbccf536766b535d38d45d445757f79acc43d93902024f201fba3fe5d
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by multiple heuristics, including a critical alert for a large number of embedded external links. The ML classifier also indicated a high probability of maliciousness. The embedded URLs suggest a link farm or SEO manipulation tactic, potentially serving as a lure or a distribution mechanism for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7227754-0 (critical; CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7227754-0
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.