Malicious PDF — malware analysis report

Static analysis result for SHA-256 0f88144e84dc1b6e…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2018-12-11 20:45:09 +03:00
Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: b20b4c158412d70cd82f4ea0671ed131
SHA-1: 50ba884ef322cedfb3210bb8beb3867110d3eef4
SHA-256: 0f88144e84dc1b6ebc779d53148cba2d3c867f1682482f0f87262446be592a5b
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links to other PDF documents, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV and ML heuristics confirm the malicious nature of the file, flagging it as a dropper. The embedded URLs are the primary IOCs, suggesting a link farm or content distribution strategy.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7140698-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140698-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.