Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d0e16eb68e4bee5…

Verdict: MALICIOUS
File type: PDF
Size: 33.9 KB
Created: 2019-05-24 00:41:41 +03:00
Authoring application: Pdf995 (via GNU Ghostscript 7.05)
MD5: b8bf8f101b2bbb4e70bf3986b8b5425c
SHA-1: 74376f2dd8698d5e31d97c441f6d9c9f1592f015
SHA-256: 0d0e16eb68e4bee54534a6946950d6266f503d8c25e63f4fb5b923af1b2ba058
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of link annotations pointing to external PDF documents, nearly all on a single host, a pattern characteristic of generated SEO/link-farm carriers that are also used to route readers into malware or unwanted-software delivery chains. ClamAV detects the file as Pdf.Dropper.Agent-7393080-0, i.e. a dropper that drops or leads to malicious content, and the ML classifier flagged it with high confidence (0.8261). No JavaScript or other scripted content was extracted, so there is no evidence of reader exploitation; the primary malicious function is the mass linking itself, as the PDF_SEO_LINK_FARM heuristic records, and the risk materialises only when a user follows one of the links. The producer string (Pdf995 via GNU Ghostscript 7.05, a 2002-era engine) sits oddly beside a 2019 creation date and a PDF/A-style XMP metadata block; producer metadata is trivially forged and carries no weight in the verdict either way.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8261

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7393080-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7393080-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The w3.org, purl.org, ns.adobe.com and aiim.org entries at the end of the list are XMP/RDF namespace identifiers (RDF, Dublin Core, Adobe XAP and PDF/A schemas) pulled from the document's metadata stream; they are not clickable links and are benign on their own.
    URLs:
    • http://www.gorillawalker.com/doctrine-and-covenants-stories.pdf
    • http://www.gorillawalker.com/best-habits-to-organize-your-day-time-management-techniques-to.pdf
    • http://www.gorillawalker.com/a-wilder-west-rodeo-in-western-canada.pdf
    • http://www.gorillawalker.com/ready-for-anything.pdf
    • http://www.gorillawalker.com/the-silent-revolution-in-lebanon-changing-values-of-the-youth.pdf
    • http://www.gorillawalker.com/wild-dogs-nutters-london-to-iran-buggering-around-book-2.pdf
    • http://www.gorillawalker.com/sightlines-a-conversation-with-the-natural-world-kindle-edition.pdf
    • http://www.gorillawalker.com/noche-de-la-noche-mi-ni-o-children-s-spanish.pdf
    • http://www.gorillawalker.com/seasonal-allergies-help-from-nature-eliminating-allergies-food-allergies-autoimmune.pdf
    • http://www.gorillawalker.com/the-coptic-tapestry-albums-and-the-archaeologist-of-antino-albert.pdf
    • http://www.gorillawalker.com/clinical-symposia-volume-15-number-2-april-may-june-1963.pdf
    • http://www.gorillawalker.com/their-silence-a-language.pdf
    • http://www.gorillawalker.com/faa-h-8083-30-atb-a-p-general-handbook-paperback.pdf
    • http://www.gorillawalker.com/the-greatest-greek-yogurt-diet-recipes-your-cookbook-guide-to.pdf
    • http://www.gorillawalker.com/making-india-colonialism-national-culture-and-the-afterlife-of-indian.pdf
    • http://www.gorillawalker.com/transgender-christians-in-chains.pdf
    • http://www.gorillawalker.com/spitfires-thunderbolts-and-warm-beer-an-american-fighter-pilot-over.pdf
    • http://www.gorillawalker.com/the-adult-hip-the-adult-hip-hip-preservation-surgery-arthroplasty.pdf
    • http://www.gorillawalker.com/smart-cycling-successful-training-and-racing-for-riders-of-all.pdf
    • http://www.gorillawalker.com/believer-s-hymn-book-music-edition.pdf
    • http://www.gorillawalker.com/beyond-yin-yang.pdf
    • http://www.gorillawalker.com/guide-to-effective-staff-development-in-health-care-organizations-a.pdf
    • http://www.gorillawalker.com/mississippian-village-textiles-at-wickliffe.pdf
    • http://www.gorillawalker.com/symphony-no2-b-flat-major-d-125-study-score.pdf
    • http://www.gorillawalker.com/everybody-else-adoption-and-the-politics-of-domestic-diversity-in.pdf
    • http://www.gorillawalker.com/spiritualism-and-the-new-psychology.pdf
    • http://www.gorillawalker.com/statistical-computation-for-environmental-sciences-in-r-lab-manual-for.pdf
    • http://www.gorillawalker.com/tourism-between-place-and-performance.pdf
    • http://www.gorillawalker.com/the-laws-of-solon-a-new-edition-with-introduction-translation.pdf
    • http://www.gorillawalker.com/choreography-in-musical-comedy-and-revue-on-the-new-york.pdf
    • http://www.gorillawalker.com/under-fire-the-story-of-a-squad-le-feu.pdf
    • http://www.gorillawalker.com/istanbul-1900-art-nouveau-architecture-and-interiors.pdf
    • http://www.gorillawalker.com/major-bus-and-coach-fleets-wales-v-6.pdf
    • http://www.gorillawalker.com/angel-blessings-messages-from-heaven.pdf
    • http://www.gorillawalker.com/le-plateau-central-marocain-et-ses-bordures-etude-geomorphologique.pdf
    • http://www.gorillawalker.com/joy-despair-and-hope-reading-psalms-kindle-edition.pdf
    • http://www.gorillawalker.com/irish-women-in-medicine-c-1880s-1920s-origins-education-and.pdf
    • http://www.gorillawalker.com/complete-tile.pdf
    • http://www.gorillawalker.com/mike-massey-s-world-of-trick-shots.pdf
    • http://www.gorillawalker.com/a-handbook-of-tcm-urology-male-sexual-dysfunction.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
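As an added worked example (not part of the report's own tooling), the following Python script implements the two pieces of analysis the EMBEDDED_URL and PDF_SEO_LINK_FARM entries describe: it labels each extracted URL by the channel that reached it, separating clickable link-annotation URIs from the XMP namespace identifiers that appear in the metadata stream, and then scores host clustering. The sample PDF it runs on is constructed inline with `.invalid` hostnames, and the size, link-count and host-share thresholds are illustrative assumptions, not the report engine's values.

```python
"""Added triage script for the PDF_SEO_LINK_FARM pattern (not the report's
own tooling). It pulls URIs out of link annotations and, separately,
namespace URIs out of the XMP metadata stream, then scores host clustering."""
import re
from collections import Counter
from urllib.parse import urlparse

# /URI (literal string) or /URI <hex string> inside a URI action dictionary,
# regardless of whether /S /URI comes before or after the value.
# Caveat: this scans raw bytes, so objects held in compressed object streams
# must be decompressed first (e.g. `qpdf --qdf --object-streams=disable`).
URI_VALUE = re.compile(rb'/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)', re.DOTALL)
# xmlns declarations inside XMP (RDF, Dublin Core, Adobe XAP, PDF/A schemas).
XMLNS_DECL = re.compile(rb'xmlns(?::[\w.-]+)?="([^"]+)"')


def _pdf_string(match):
    """Decode one /URI value: a hex string, or a literal with its backslash escapes undone."""
    literal, hexstr = match.group(1), match.group(2)
    if hexstr is not None:
        digits = re.sub(rb'\s', b'', hexstr)
        if len(digits) % 2:          # PDF pads an odd trailing digit with 0
            digits += b'0'
        return bytes.fromhex(digits.decode('ascii')).decode('latin-1')
    return re.sub(rb'\\([()\\])', rb'\1', literal).decode('latin-1')


def extract_urls(pdf_bytes):
    """Label each URL by the channel that reached it, as the report's per-URL
    labels do: clickable link annotation vs. XMP namespace identifier."""
    links = [_pdf_string(m) for m in URI_VALUE.finditer(pdf_bytes)]
    namespaces = sorted({m.decode('latin-1') for m in XMLNS_DECL.findall(pdf_bytes)})
    return {'link_annotation': links, 'xmp_namespace': namespaces}


def score_link_farm(pdf_bytes, *, max_size_kb=64, min_pdf_links=20,
                    min_top_host_share=0.8):
    """Small file + many clickable external .pdf links + one dominant host.
    The three thresholds are assumptions chosen for illustration."""
    links = extract_urls(pdf_bytes)['link_annotation']
    external = [u for u in links if urlparse(u).scheme in ('http', 'https')]
    pdf_links = [u for u in external if urlparse(u).path.lower().endswith('.pdf')]
    hosts = Counter(urlparse(u).hostname for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(external) if external else 0.0
    size_kb = len(pdf_bytes) / 1024
    return {
        'size_kb': round(size_kb, 1),
        'external_links': len(external),
        'pdf_links': len(pdf_links),
        'top_host': top_host,
        'top_host_share': round(share, 3),
        'link_farm': (size_kb <= max_size_kb and len(pdf_links) >= min_pdf_links
                      and share >= min_top_host_share),
    }


def build_sample_pdf(n_links=24, host='linkfarm.example.invalid'):
    """Constructed sample, not a real capture: an uncompressed PDF skeleton with
    n link annotations on one host, one hex-encoded off-host link and an XMP
    metadata stream. Enough structure for the extractor, not for a viewer."""
    objs = [f'<< /Type /Annot /Subtype /Link /Rect [0 {i} 200 {i + 10}] '
            f'/A << /S /URI /URI (http://{host}/title-{i}.pdf) >> >>'
            for i in range(n_links)]
    off_host = 'https://other.example.invalid/notes.pdf'.encode().hex()
    objs.append('<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] '
                f'/A << /URI <{off_host}> /S /URI >> >>')
    xmp = ('<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           'xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"/>')
    objs.append(f'<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n'
                f'stream\n{xmp}\nendstream')
    body = ''.join(f'{i} 0 obj\n{o}\nendobj\n' for i, o in enumerate(objs, start=1))
    return ('%PDF-1.4\n' + body + '%%EOF\n').encode('latin-1')


if __name__ == '__main__':
    sample = build_sample_pdf()
    print(extract_urls(sample)['xmp_namespace'])
    print(score_link_farm(sample))
```

To run it against a real sample, pass `open(path, 'rb').read()` to `score_link_farm`; decompress object streams first, since the regex sees only plain-text object dictionaries. The channel split matters for triage: the XMP namespace URIs are the same in every conforming document and never carry the verdict, whereas a single host owning most of the clickable links in a file this small is the signal the heuristic fires on.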