Malicious PDF — malware analysis report

Static analysis result for SHA-256 449ae3577fa29f2e…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-05-05 01:45:49 +03:00
Authoring application: - (via GPL Ghostscript 8.70)
MD5: 6226236f700b24d49188d7db35e7d2de
SHA-1: c24c84ed58cce1338827e0fbe3943c2d10db3fe2
SHA-256: 449ae3577fa29f2eb5e80d076c6263a58389c60a4532dc26c1cd668cd3b3470c
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the primary purpose is to direct users to a wide array of URLs, potentially for SEO manipulation or to serve as a distribution point for further malicious content. The ClamAV detection as Pdf.Dropper.Agent-9663796-0 further confirms its malicious nature. No scripts were extracted from this sample.

Heuristics (3)

  • Small PDF contains mass external PDF link farm [severity: critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-9663796-0 [severity: critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9663796-0
  • Embedded URL [severity: info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.