Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d5a0c3293c121c7…

Verdict: MALICIOUS

File type: PDF

Size: 42.7 KB
Created: 2018-12-15 08:52:58 +03:00
Authoring application: QuarkXPress(tm) 6.1
MD5: 07b9a8f36332c13bf6594976fc7269cc
SHA-1: a4916ffa139bdc5df645dc65ff8b4389fc92af30
SHA-256: 5d5a0c3293c121c7816d27fb84837e5509c0b2cf75bc2c98f0779e9cb2fb602c
Risk Score: 152

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. This suggests the document's primary purpose is to act as a link farm, potentially for SEO manipulation or to redirect users to other malicious content. The ML classifier and ClamAV detection further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7264339-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7264339-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.