Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d96359530722dbb…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-23 08:01:04 +03:00
Authoring application: QuarkXPress(R) 7.01
MD5: 8c76ed4af39eb83c3c41d0bf26341ad5
SHA-1: e64d9cb7cc1958f85803c894571aaa27b0f930f1
SHA-256: 5d96359530722dbb2e5da8ad5f3c6effa1def791bec5eac553d8c242584ff923
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the document is part of a link farm or SEO manipulation tactic. The ML classifier and ClamAV detection further support its malicious nature, though the specific payload or intent beyond link distribution is unclear.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7264399-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7264399-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.