Malicious PDF — malware analysis report

Static analysis result for SHA-256 7032abd592ac50cd…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-11-23 21:09:19 +03:00
Authoring application: QuarkXPress(R) 8.0
MD5: 060c1d0065388f69b72c764fc78b5094
SHA-1: 2634badcf3c2c80e1bb79508d24147b1afca9a1c
SHA-256: 7032abd592ac50cd1a2ccba2c26644ca0e381d409ab153936b84e0b4c7448766
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV detected this file as Pdf.Dropper.Agent-7146282-0, and an ML classifier also flagged it as malicious. The embedded URLs suggest a link farm attack pattern, likely intended to drive traffic or distribute additional payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7146282-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7146282-0
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.