Malicious PDF — malware analysis report

Static analysis result for SHA-256 0c65839c9a70a1a1…

Verdict: MALICIOUS
File type: PDF
Size: 34.2 KB
Created: 2019-11-10 05:16:27 +03:00
Authoring application: Adobe Acrobat 8.0 (via Adobe Acrobat 8.0 Image Conversion Plug-in)
MD5: 08cea3137288295b7c0af36c019e1770
SHA-1: 1d857d8dd2ccc27cb08e4191f6eba9fbb1203940
SHA-256: 0c65839c9a70a1a1367e333feac34f4f5c62561408ab79c099a7b3b8950b74d8
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was flagged by ClamAV as Pdf.Dropper.Agent-7419775-0 and a machine learning classifier. It contains a large number of embedded URLs pointing to external PDF files, suggesting a link farm or a method to distribute further malicious content. The presence of embedded URLs and the dropper classification indicate a potential for initial access via spearphishing attachment, leading to the download of additional payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8261

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7419775-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7419775-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.