Malicious PDF — malware analysis report

Static analysis result for SHA-256 5337c8f31811a471…

Verdict: MALICIOUS
File type: PDF
Size: 45.3 KB
Created: 2019-01-06 08:11:29 +03:00
Authoring application: AH Formatter V5.3 MR1 for Windows (via Acrobat Distiller 8.1.0 (Windows))
MD5: 20240bb3c44ad9d2d132e08758d3805f
SHA-1: 9fff0e6711a3ff0e8a1bafa3494f06ec367d95ee
SHA-256: 5337c8f31811a471fd06d038877a2f5597607d2ea3e11e8567479f03c9d38d5e
Risk score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by ClamAV (signature Pdf.Dropper.Agent-7147266-0) and by a machine-learning classifier. The PDF_SEO_LINK_FARM heuristic indicates a large number of embedded external links, suggesting a link farm or a distribution point for further malicious content. The document body contains numerous URLs pointing to PDFs on the same domain, which reinforces the link-farm hypothesis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7147266-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7147266-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/death-by-haunting-7-josiah-reynolds-mystery-josiah-reynolds-mysteries.pdf
    • http://www.gorillawalker.com/cognitive-linguistics-basic-readings-mouton-reader.pdf
    • http://www.gorillawalker.com/the-creative-destruction-of-medicine-audiobook-the-creative-destruction-of.pdf
    • http://www.gorillawalker.com/medical-billing-networks-and-processes-profitable-and-compliant-revenue-cycle.pdf
    • http://www.gorillawalker.com/from-swing-to-soul-an-illustrated-history-of-african-american.pdf
    • http://www.gorillawalker.com/the-syntax-of-french-cambridge-syntax-guides.pdf
    • http://www.gorillawalker.com/cities-a-novella.pdf
    • http://www.gorillawalker.com/adam-clayton-powell-jr-the-political-biography-of-an-american.pdf
    • http://www.gorillawalker.com/sing-a-novel-of-colorado-book-two-of-the-homeward.pdf
    • http://www.gorillawalker.com/tratado-treatise-spanish-edition.pdf
    • http://www.gorillawalker.com/atlantis-revelation.pdf
    • http://www.gorillawalker.com/dark-eyes-doctor-who.pdf
    • http://www.gorillawalker.com/fields-of-battle-terrain-in-military-history-geojournal-library.pdf
    • http://www.gorillawalker.com/choosing-books-for-children-a-commonsense-guide.pdf
    • http://www.gorillawalker.com/if-curriculum-kit-trading-your-if-only-regrets-for-god.pdf
    • http://www.gorillawalker.com/alicia-en-el-pa-s-de-las-maravillas-ilustrado-nueva.pdf
    • http://www.gorillawalker.com/le-5-leggi-biologiche-la-pelle-e-le-allergie-cutanee.pdf
    • http://www.gorillawalker.com/the-secrets-to-single-parenting-success-in-the-21st-century.pdf
    • http://www.gorillawalker.com/sheer-city-young-naked-women-mila-evans-is-the-babe.pdf
    • http://www.gorillawalker.com/people-politics-and-child-welfare-in-british-columbia.pdf
    • http://www.gorillawalker.com/beachcomber-s-guide-to-florida-marine-life.pdf
    • http://www.gorillawalker.com/succeeding-in-the-world-of-work-teacher.pdf
    • http://www.gorillawalker.com/cinderella-or-cyberella-empowering-women-in-the-knowledge-society.pdf
    • http://www.gorillawalker.com/scientific-aspects-of-dental-materials.pdf
    • http://www.gorillawalker.com/the-forbes-guide-to-paying-for-college-kindle-edition.pdf
    • http://www.gorillawalker.com/the-violent-years-prohibition-and-the-detroit-mobs.pdf
    • http://www.gorillawalker.com/waddles-the-frog.pdf
    • http://www.gorillawalker.com/the-agronomy-and-economy-of-turmeric-and-ginger-the-invaluable.pdf
    • http://www.gorillawalker.com/biological-investigations-form-function-diversity-and-process-8e-customized-for.pdf
    • http://www.gorillawalker.com/caught-in-the-net-kindle-edition.pdf
    • http://www.gorillawalker.com/comparative-governments-and-politics-including-case-studies-of-britain-brazil.pdf
    • http://www.gorillawalker.com/his-needs-her-needs-audiobook-cd-unabridged-publisher-revell-unabridged.pdf
    • http://www.gorillawalker.com/advertisement-chevrolet-bel-air-sport-sedan.pdf
    • http://www.gorillawalker.com/ley-garrote-roca-editorial-criminal-spanish-edition.pdf
    • http://www.gorillawalker.com/constricted-beyond-the-brothel-walls.pdf
    • http://www.gorillawalker.com/richard-hundley-ten-songs-for-high-voice-and-piano.pdf
    • http://www.gorillawalker.com/planking-techniques-for-model-ship-builders.pdf
    • http://www.gorillawalker.com/seeing-god-through-the-ordinary-lenten-devotions-kindle-edition.pdf
    • http://www.gorillawalker.com/sermons-for-revival.pdf
    • http://www.gorillawalker.com/aggregates-in-the-netherlands-to-2015-market-databook-download-pdf.pdf
    • http://www.gorillawalker.com/ad
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/