Malicious PDF — malware analysis report

Static analysis result for SHA-256 6837a33349e6ce6a…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2018-11-23 08:05:47 +03:00
Authoring application: Writer (via OpenOffice.org 3.2)
MD5: f68ed5fec059f04140f3011d4f52696e
SHA-1: e42495bae4a00f91e63954f38e9c97af84d59dca
SHA-256: 6837a33349e6ce6a002f8da2141d33210366e38263c7045f4ab9b1461bcc8f61
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by ClamAV as Pdf.Dropper.Agent and an ML classifier indicated a high probability of maliciousness. The primary heuristic identified a large number of external PDF links, suggesting a link farm or SEO manipulation tactic. While no scripts were extracted, the embedded URLs point to a domain hosting numerous PDF files, indicating a potential distribution or redirection mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7126349-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7126349-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.