Malicious PDF — malware analysis report

Static analysis result for SHA-256 4742cc3eb9b1a323…

Verdict: MALICIOUS

File type: PDF

Size: 43.8 KB
Created: 2018-12-15 20:01:50 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: 05c232ecd22878fd5d1b80db742a9991
SHA-1: de535a0ea27ee5d75f321ac4d7abaa7199f3e497
SHA-256: 4742cc3eb9b1a3234a9347c69e34a8596abfc1356f323c6ab5adf27136f88cde
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by ClamAV as Pdf.Dropper.Agent-7142790-0 and a machine learning classifier indicated a high probability of maliciousness. The primary heuristic firing, PDF_SEO_LINK_FARM, indicates the presence of a large number of external links, with the first URL being http://www.gorillawalker.com/leni-riefenstahl-a-memoir.pdf. This suggests the document's purpose is to host a link farm for SEO manipulation or to direct users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8683

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7142790-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142790-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.