Malicious PDF — malware analysis report

Static analysis result for SHA-256 12ac7081e7bb5738…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2018-11-14 11:19:47 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.14)
MD5: 52018a762addcdf88474993b8723665f
SHA-1: eb456c17dfd2cb5cbc8d07ce9fbf4a18844a434c
SHA-256: 12ac7081e7bb573815830103c24beeca609da016b3f84d54c1bb7c7a845ba93c
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a significant number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the file's primary purpose is to act as a link farm or to distribute other malicious content. The ML classifier and ClamAV detection further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8856

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7209147-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7209147-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.