Malicious PDF — malware analysis report

Static analysis result for SHA-256 1d69ecad9ffc60eb…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-15 20:01:09 +03:00
Authoring application: Microsoft Word: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 23eb167dddc9a1ede1f8875e46ea9170
SHA-1: 12d143f480f65b7591e5821d192c7d37ea1f392c
SHA-256: 1d69ecad9ffc60ebff92e51156680ae4f1b1ded60b5c5f446777ed893618e871
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was identified as malicious by a machine learning classifier and ClamAV, which detected it as Pdf.Dropper.Agent-7142156-0. The primary heuristic firing indicates a PDF SEO link farm, with 32 external PDF links embedded within the document, predominantly hosted on www.gorillawalker.com. This suggests the document's purpose is to distribute a large number of links, likely for SEO manipulation or to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7142156-0 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142156-0
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.