Malicious PDF — malware analysis report

Static analysis result for SHA-256 650d5c6d6587b08f…

Verdict: MALICIOUS
File type: PDF
Size: 41.9 KB
Created: 2018-11-25 20:21:50 +03:00
Authoring application: - (producer: Foxit Phantom Printer Version 3.0.3.0804)
MD5: a1fd9e6fce83bc3dcadff5b5a0218130
SHA-1: 63a82bb09b8524cfa0b84950d5367ea4ae0b2b83
SHA-256: 650d5c6d6587b08f9cb0008c4cd21c15f3736dd3f1172cffd0130c9b781bcf3f
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, flagged by the PDF_SEO_LINK_FARM heuristic. The links point to many different PDF files hosted on a single domain, a pattern consistent with a link farm or SEO-driven content distribution scheme rather than ordinary document citations. The ML classifier score and the ClamAV signature (Pdf.Dropper.Agent-7267591-0) further support the malicious verdict, identifying the file as a PDF dropper.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7267591-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7267591-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.