Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a735e3c08474c3b…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2019-02-12 15:14:02 +03:00
Authoring application: Adobe InDesign CS5_J (7.0.4) (via Acrobat Distiller 9.5.0 (Windows))
MD5: 04e67ab1e8a0725976118446d583c990
SHA-1: 4d11e90751473b587486551dd98f8e38a5f26c97
SHA-256: 7a735e3c08474c3bc0e78150f97da5904d67f0a236126db82830ba7100f0221f
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. The primary finding is a large number of embedded external links, identified as a PDF SEO link farm. While no scripts were extracted, the sheer volume of links suggests a distribution or SEO poisoning campaign, likely delivered as a spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7140868-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140868-0
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.