Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a8097b3230a56bb…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2019-05-26 11:47:53 +03:00
Authoring application: Data Dynamics ActiveReports (tm) for .NET
MD5: 576e8cc8955031ba608f5cda0e98e9d8
SHA-1: dd8ef96a92780b6ecb1276589c4349b105ad1aed
SHA-256: 7a8097b3230a56bbe8c3b03c0385c6e66a9e704dcc323412b7b7e7698656c1f5
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was detected as malicious by ClamAV and an ML classifier, and exhibits a critical heuristic for a link farm. It contains numerous embedded URLs pointing to other PDF documents, suggesting a tactic to distribute or obscure malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7175079-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7175079-0
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.