Malicious PDF — malware analysis report

Static analysis result for SHA-256 6bb934b4e18c4b63…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-03 17:09:32 +03:00
Authoring application: Microsoft® Office Word 2007
MD5: 248d5ebd9b8432c3208309d9dd6cd58b
SHA-1: 5ea157d5bdc7e5893985d570936295a787e9cd66
SHA-256: 6bb934b4e18c4b63320536b45f8bb5481befb244e4e29d526a85247e0287b4ca
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV detected this file as Pdf.Dropper.Agent-7146520-0, and ML classification also flagged it as malicious. The primary attack pattern observed is the creation of a link farm, likely intended to drive traffic or distribute malware indirectly.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7146520-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7146520-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.