Malicious PDF — malware analysis report

Static analysis result for SHA-256 59b3750a09a9e3e6…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2018-12-14 20:07:10 +03:00
Authoring application: PrimoPDF http://www.primopdf.com/ (via PrimoPDF)
MD5: 30d7d241562afd10d029c8b1aaff9b7d
SHA-1: 20ba0e9ea4ccaa4c666bc36103c23e0f1e4d2d12
SHA-256: 59b3750a09a9e3e62ae9a216e2634e9c443441ada5178c38e0ab20e46b91554d
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by multiple heuristics, including a critical finding for a large number of external links hosted within a small PDF file. The ML classifier also indicated a high probability of maliciousness. The embedded URLs point to a domain that appears to be used for hosting numerous PDF files, suggesting a link farm or a distribution point for potentially malicious content. The ClamAV detection as 'Pdf.Dropper.Agent' further supports its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 3

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7147418-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7147418-0
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.