Malicious PDF — malware analysis report

Static analysis result for SHA-256 0c596b7f44c8f4cd…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2018-11-23 08:00:37 +03:00
Authoring application: PrimoPDF http://www.primopdf.com (via Nitro PDF PrimoPDF)
MD5: 9eed1b6c36b2bf4c99c8b80d81022c2c
SHA-1: 5ffcf6c8819ea9e87b55965044141ad99877ac52
SHA-256: 0c596b7f44c8f4cd3475b96ad2544899812ddb9b2ab14da387f46153d20bf308
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV detected this file as Pdf.Dropper.Agent-7196794-0, and a machine learning classifier also flagged it as malicious. While no scripts were explicitly extracted, the PDF structure and the heuristic firings strongly suggest a malicious dropper or downloader.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7196794-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7196794-0
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.