Malicious PDF — malware analysis report

Static analysis result for SHA-256 0cb8e2b2707b7fb5…

MALICIOUS

PDF

Size: 33.8 KB
Created: 2019-11-10 05:17:48 +03:00
Authoring application: QuarkXPress(tm) 6.1
MD5: 2c65753d85e9aa7ca3e81abec914c5f5
SHA-1: d4b740330ce924ada2a016dd8bba21b9fdb7be18
SHA-256: 0cb8e2b2707b7fb5f34334b5700070601adc2154140581d4e319dfadec301940
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier and ClamAV detection also flag this file as malicious. While no scripts were explicitly extracted, the nature of the embedded links suggests a potential for distributing further malicious content or engaging in SEO-based abuse.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7550372-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7550372-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.