Malicious PDF — malware analysis report

Static analysis result for SHA-256 39ef01808ae95333…

Verdict: MALICIOUS
File type: PDF
Size: 41.4 KB
Created: 2018-12-02 10:55:43 +03:00
Authoring application: QuarkXPress: LaserWriter 8 KH-8.7.1 (via Acrobat Distiller 4.05 for Macintosh)
MD5: fd44bcfb62595e4af3002f0953c06680
SHA-1: d090bfe8538b34f2c27aa2a09ef176a1eaa5cd90
SHA-256: 39ef01808ae95333aa0b324f94063107b4948e07f687c9aff2f0d771300edbca
Risk Score: 150

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by multiple heuristics, including a critical finding for a PDF link farm containing 32 external links, and a machine learning classifier with a high confidence score. ClamAV also detected it as Pdf.Dropper.Agent. The embedded URLs, all pointing to the same domain with book-related slugs, suggest a lure to a site hosting further malicious content or phishing pages. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9027

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7250603-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7250603-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/at-the-beach-house-a-guest-book.pdf
    • http://www.gorillawalker.com/careers-auditor.pdf
    • http://www.gorillawalker.com/les-saveurs-de-la-gr-ce-recettes-de-rena-de.pdf
    • http://www.gorillawalker.com/the-politics-of-human-rights-a-global-perspective-human-security.pdf
    • http://www.gorillawalker.com/triad-book-five-of-the-courtland-chronicles.pdf
    • http://www.gorillawalker.com/gullivers-travels-translation-pubulisher-chinese-edition.pdf
    • http://www.gorillawalker.com/when-johnny-comes-marching-home-music-of-the-civil-war.pdf
    • http://www.gorillawalker.com/comptia-strata-green-it-certblaster-ilt.pdf
    • http://www.gorillawalker.com/engravings-by-hogarth-dover-fine-art-history-of-art.pdf
    • http://www.gorillawalker.com/kurdish-phrasebook-and-culture-a-beginner-s-guide-to-developing.pdf
    • http://www.gorillawalker.com/ethics-and-public-administration-bureaucracies-public-administration-and-public-policy.pdf
    • http://www.gorillawalker.com/messenger-all-the-bible-teaches-about-kindle-edition.pdf
    • http://www.gorillawalker.com/mosby-s-textbook-for-nursing-assistants-soft-cover-version-text.pdf
    • http://www.gorillawalker.com/shakespeare-stories-hamlet.pdf
    • http://www.gorillawalker.com/dave-matthews-band-busted-stuff-play-it-like-it-is.pdf
    • http://www.gorillawalker.com/shtf-race-wars-episode-two-an-ongoing-shtf-survival-series.pdf
    • http://www.gorillawalker.com/angels-the-messengers-of-god.pdf
    • http://www.gorillawalker.com/fearful-symmetry-the-search-for-beauty-in-modern-physics.pdf
    • http://www.gorillawalker.com/the-last-boyfriend-inn-boonsboro-trilogy.pdf
    • http://www.gorillawalker.com/the-consequences.pdf
    • http://www.gorillawalker.com/hockey-the-greatest-players.pdf
    • http://www.gorillawalker.com/thanks-be-to-thee-o-lord-keyboard-organ-or-piano.pdf
    • http://www.gorillawalker.com/skinny-dips-great-party-dips-dippers-that-are-secretly-healthy.pdf
    • http://www.gorillawalker.com/the-development-of-the-american-presidency.pdf
    • http://www.gorillawalker.com/refugio-trilogia-enclave-spanish-edition.pdf
    • http://www.gorillawalker.com/wharton-revisited.pdf
    • http://www.gorillawalker.com/ssh-the-secure-shell-the-definitive-guide.pdf
    • http://www.gorillawalker.com/social-darwinism-paperback.pdf
    • http://www.gorillawalker.com/the-question-of-gender-joan-w-scott-s-critical-feminism.pdf
    • http://www.gorillawalker.com/sharpen-your-tactics-1125-brilliant-sacrifices-combinations-and-studies.pdf
    • http://www.gorillawalker.com/kramers-ergot-vol-1-1-kramers-ergot-1.pdf
    • http://www.gorillawalker.com/a-latin-legacy.pdf
    • http://www.gorillawalker.com/german-sniper-rifles-propaganda-photo-hardcover-2011-author-albrecht-wacker.pdf
    • http://www.gorillawalker.com/relativistic-quantum-mechanics-fundamental-theories-of-physics.pdf
    • http://www.gorillawalker.com/an-introduction-to-watercolor-dk-art-school.pdf
    • http://www.gorillawalker.com/prayers-for-difficult-times-journal.pdf
    • http://www.gorillawalker.com/how-to-take-a-patient-s-medical-history-a-handbook.pdf
    • http://www.gorillawalker.com/dinghy-cruising.pdf
    • http://www.gorillawalker.com/food-allergies-for-dummies-paperback-2007-author-robert-a-wood.pdf
    • http://www.gorillawalker.com/xianggang-li-shi-tu-shuo-mandarin-chinese-edition.pdf
    • http://www.gorillawalker.com/tr
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/