Malicious PDF — malware analysis report

Static analysis result for SHA-256 3231a0f645387713…

MALICIOUS

PDF

45.2 KB
Created: 2018-12-28 08:09:15 +03:00
Authoring application: Writer (via OpenOffice.org 1.1.2)
MD5: 0daaf61e1ac5e19c07d974395c758c6b
SHA-1: 57f2090c285d85549d61ff58b08268a8c816971f
SHA-256: 3231a0f645387713907aab37816853856632e3fea201b30dc564f96bab63973c
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDF documents. This suggests a link farm or SEO poisoning attack. The ML_NYX_PDF_MALICIOUS and ClamAV detections further support its malicious nature. No scripts were extracted from this sample, but the sheer volume of links indicates a likely attempt to manipulate search results or redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7210828-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7210828-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.