Malicious PDF — malware analysis report

Static analysis result for SHA-256 5c18c54ef2f762c2…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-03-17 07:04:07 +03:00
Authoring application: ZonBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: fdc5a54b7e45f5eb191a0ccd12dc0357
SHA-1: 42cb9b0a8abd2c6c73683b929ac4421b19481f73
SHA-256: 5c18c54ef2f762c2a6ba320e873dd1629cbe740ab1c10660289a306997b9846d
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document is designed to drive traffic to these external resources, potentially for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier and ClamAV detection further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7417369-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7417369-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/precalculus-mymathlab-edition-package-8th-edition.pdf
    • http://www.gorillawalker.com/mila-van-manta-houghton-equation.pdf
    • http://www.gorillawalker.com/remodeling-2003-costbook-remodeling-costbook.pdf
    • http://www.gorillawalker.com/camouflage-erotische-geschichten-german-edition.pdf
    • http://www.gorillawalker.com/dostoevsky-s-the-idiot-and-the-ethical-foundations-of-narrative.pdf
    • http://www.gorillawalker.com/partings-at-dawn-an-anthology-of-japanese-gay-literature.pdf
    • http://www.gorillawalker.com/layout-background-walt-disney-animation-archives.pdf
    • http://www.gorillawalker.com/instructor-s-resource-manual-walter-fleming-second-edition-precalculus-mathematics.pdf
    • http://www.gorillawalker.com/her-naughty-show.pdf
    • http://www.gorillawalker.com/physicists-on-wall-street-and-other-essays-on-science-and.pdf
    • http://www.gorillawalker.com/the-big-curmudgeon-2-500-outrageously-irreverent-quotations-from-world.pdf
    • http://www.gorillawalker.com/the-mediterranean-diet-health-and-science.pdf
    • http://www.gorillawalker.com/basel-iii-credit-rating-systems-an-applied-guide-to-quantitative.pdf
    • http://www.gorillawalker.com/yo-cayetana-spanish-edition.pdf
    • http://www.gorillawalker.com/guidelines-for-the-assessment-of-general-damages-in-personal-injury.pdf
    • http://www.gorillawalker.com/conditional-reasoning-the-unruly-syntactics-semantics-thematics-and-pragmatics-of.pdf
    • http://www.gorillawalker.com/the-pussy-trap-3-wahida-clark-presents.pdf
    • http://www.gorillawalker.com/blood-and-splendor-the-lives-of-five-tyrants-from-nero.pdf
    • http://www.gorillawalker.com/sensation-overload-kinky-interracial-bdsm-bwwm-erotica-from-steam-books.pdf
    • http://www.gorillawalker.com/description-of-hepatitis-b-virus-genotypes-in-selected-groups-of.pdf
    • http://www.gorillawalker.com/icd-10-2016-snapshot-coding-card-dental-oms.pdf
    • http://www.gorillawalker.com/crickets-seedlings.pdf
    • http://www.gorillawalker.com/essential-classic-x-men-vol-3-marvel-essentials.pdf
    • http://www.gorillawalker.com/tolstoy-s-war-and-peace-a-study.pdf
    • http://www.gorillawalker.com/environmental-site-assessment-phase-i-a-basic-guide-second-edition.pdf
    • http://www.gorillawalker.com/spectacular-star-designs-dover-design-coloring-books.pdf
    • http://www.gorillawalker.com/trust-and-distrust-in-organizations-dilemmas-and-approaches-the-russell.pdf
    • http://www.gorillawalker.com/harvey-s-elementary-grammar-and-composition.pdf
    • http://www.gorillawalker.com/structures-and-dynamics-of-asphaltenes.pdf
    • http://www.gorillawalker.com/handbook-of-nonmedical-applications-of-liposomes-volume-i-theory-and.pdf
    • http://www.gorillawalker.com/nkba-professional-resource-library-9-volume-set.pdf
    • http://www.gorillawalker.com/titanic-25.pdf
    • http://www.gorillawalker.com/afaq-i-m-trapped-in-india.pdf
    • http://www.gorillawalker.com/six-coffins-kindle-edition.pdf
    • http://www.gorillawalker.com/performa.pdf
    • http://www.gorillawalker.com/build-your-own-pc-third-edition.pdf
    • http://www.gorillawalker.com/israel-business-law-handbook-strategic-information-and-basic-laws-world.pdf
    • http://www.gorillawalker.com/meditation-2016-wall-calendar.pdf
    • http://www.gorillawalker.com/exploring-the-future.pdf
    • http://www.gorillawalker.com/god-s-wild-herbs-identifying-and-using-121-plants-found.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/