Malicious PDF — malware analysis report

Static analysis result for SHA-256 17ee99efca97a46d…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-12-15 08:06:39 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Acrobat Distiller 10.1.12 (Macintosh))
MD5: fa2727aff935f1508b815ebe97151e63
SHA-1: 649fcdd6bd71d2489b0236aa770fb2471361afb1
SHA-256: 17ee99efca97a46d44f6cd38557e24a6f7d1881f3a81cea5f4048b2c468fefa6
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was detected as a dropper by ClamAV and flagged by an ML classifier. The heuristic 'PDF_SEO_LINK_FARM' indicates the presence of numerous external links, suggesting an intent to distribute further content or manipulate search engine results. While no scripts were extracted, the embedded URLs are the primary indicators of compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7141952-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7141952-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.