Malicious PDF — malware analysis report

Static analysis result for SHA-256 611bc7ed54e0ee96…

MALICIOUS

PDF

Size: 34.7 KB
Created: 2019-08-07 05:46:15 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: c0c3fd6bcdc5c3083edcb345c42da28f
SHA-1: cb5aa557dbf137bb5f00470473678d32edd0f445
SHA-256: 611bc7ed54e0ee96e437010e875abd66bc8b903c6f88f415e2208047366d570b
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7126347-0 and by a machine learning classifier. The primary heuristic indicates a large number of external PDF links, suggesting a link farm or a method of distributing further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8477

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7126347-0 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7126347-0
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.