Malicious PDF — malware analysis report

Static analysis result for SHA-256 48329ad29ca028de…

MALICIOUS

PDF

Size: 34.8 KB
Created: 2019-05-24 00:42:22 +03:00
Authoring application: - (via ABBYY FineReader 9.0 Sprint)
MD5: d9cf5f9cbd02c6a6cd638f25a55eb4d6
SHA-1: d82f89784c726fdc1e6172950cf627ad014c2e19
SHA-256: 48329ad29ca028ded7d2234e3ce5befdb63c569ada61f37e283657f5783eeb3f
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by ClamAV as Pdf.Dropper.Agent-7146850-0 and by a machine learning classifier. The critical heuristic PDF_SEO_LINK_FARM indicates the presence of a large number of external links, suggesting a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of links points towards malicious intent, likely to distribute further malware or engage in phishing. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7146850-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7146850-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.