Malicious PDF — malware analysis report

Static analysis result for SHA-256 7bbb2192136fa634…

MALICIOUS

PDF

46.0 KB Created: 2018-12-03 16:48:41 +03:00 Authoring application: Microsoft® Word 2010
MD5: b4d52ff5ee53befb819efa740572f23f SHA-1: ab11a652eb86bea5150be3738b61c71fbf41071b SHA-256: 7bbb2192136fa634731594159dfa28f9be4dfa2bbcdfa4486a9ce51dbed420e8
150 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF was flagged by multiple heuristics, including a critical finding for a PDF link farm and ClamAV detection as a dropper. The ML classifier also indicated a high probability of maliciousness. The embedded URLs, all pointing to PDFs on the same domain, suggest a coordinated effort to distribute content or manipulate search results, consistent with SEO poisoning or a dropper mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7140592-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140592-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/mister-rogers-divorce.pdf
    • http://www.gorillawalker.com/the-business-of-venture-capital-insights-from-leading-practitioners-on.pdf
    • http://www.gorillawalker.com/spectrum-test-practice-grade-8.pdf
    • http://www.gorillawalker.com/telescopes-through-the-looking-glass.pdf
    • http://www.gorillawalker.com/the-art-of-grammar-a-practical-guide.pdf
    • http://www.gorillawalker.com/a-theology-of-word-spirit-authority-method-in-theology-christian.pdf
    • http://www.gorillawalker.com/super-chistes-para-chicos-spanish-edition.pdf
    • http://www.gorillawalker.com/deformation-and-fracture-mechanics-of-engineering-materals.pdf
    • http://www.gorillawalker.com/american-showcase-illustration-vol-22-200-best-illustrators-worldwide.pdf
    • http://www.gorillawalker.com/flat-track-fashion-the-roller-derby-look-book.pdf
    • http://www.gorillawalker.com/programming-net-web-services.pdf
    • http://www.gorillawalker.com/the-blank-comic-book-gridbook-7-x10-63-pages.pdf
    • http://www.gorillawalker.com/highway-horror-legends-of-radio.pdf
    • http://www.gorillawalker.com/the-niagara-falls-companion-and-fashionable-miscellany.pdf
    • http://www.gorillawalker.com/dental-materials-pageburst-e-book-on-kno-retail-access-card.pdf
    • http://www.gorillawalker.com/super-hero-shaped-sound-books.pdf
    • http://www.gorillawalker.com/symbolic-logic-classical-and-advanced-systems.pdf
    • http://www.gorillawalker.com/the-trigger-point-therapy-workbook-your-self-treatment-guide-for.pdf
    • http://www.gorillawalker.com/housing-in-holland-a-guide-to-making-a-new-home.pdf
    • http://www.gorillawalker.com/which-ad-pulled-best.pdf
    • http://www.gorillawalker.com/australian-politics-a-second-reader.pdf
    • http://www.gorillawalker.com/elvis-pure-gold-arrangement-for-mixed-chorus-satb-with-piano.pdf
    • http://www.gorillawalker.com/is-god-a-racist-the-right-wing-in-canada.pdf
    • http://www.gorillawalker.com/somerset-county-cricket-club-classics-fifty-of-the-finest-matches.pdf
    • http://www.gorillawalker.com/maternity-nursing-revised-reprint-text-and-elsevier-adaptive-learning-package.pdf
    • http://www.gorillawalker.com/nonunion-of-the-long-bones-diagnosis-and-treatment-with-compression.pdf
    • http://www.gorillawalker.com/modulation-transfer-function-in-optical-and-electrooptical-systems-spie-tutorial.pdf
    • http://www.gorillawalker.com/abbott-vascular-inc-product-pipeline-analysis-download-pdf-digital.pdf
    • http://www.gorillawalker.com/orientation-to-home-care-nursing.pdf
    • http://www.gorillawalker.com/retirement-without-borders-how-to-retire-abroad-in-mexico-france.pdf
    • http://www.gorillawalker.com/floristics-and-paleofloristics-of-asia-and-eastern-north-america-symposia.pdf
    • http://www.gorillawalker.com/dark-ages-the-case-for-a-science-of-human-behavior.pdf
    • http://www.gorillawalker.com/cultural-policies-in-europe-regions-and-cultural-decentralisation.pdf
    • http://www.gorillawalker.com/beyond-the-big-river-and-other-western-stories.pdf
    • http://www.gorillawalker.com/criminological-theory-assessing-philosophical-assumptions.pdf
    • http://www.gorillawalker.com/dinosaur-flip-book.pdf
    • http://www.gorillawalker.com/exposing-progressive-creation-serious-biblical-scientific-errors-that-promote-billions.pdf
    • http://www.gorillawalker.com/the-moral-political-writings-of-mahatma-gandhi-volume-iii-non.pdf
    • http://www.gorillawalker.com/community-case-management-during-an-influenza-outbreak-a-training-package.pdf
    • http://www.gorillawalker.com/us-army-technical-manual-tm-5-4320-208-12-p.pdf
    • http://www.gorillawalker.com/american-showcase-illustration-vol-22-200-best-illustrators-worldw
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.