Malicious PDF — malware analysis report

Static analysis result for SHA-256 83d46cc9496b480c…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-11-14 08:20:32 +03:00
Authoring application: Acrobat PDFMaker 7.0.7 for Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: 196a3cf17c702f93539d10ba3dfa3cc6
SHA-1: 3bdc445a48199ab146c6f6579dc5560765fd85ed
SHA-256: 83d46cc9496b480c2573a9f52e1c5e5c294960c0353ab91c06021b0d2527569e
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV detected this file as Pdf.Dropper.Agent, indicating it functions as a dropper. While no scripts were explicitly extracted, the PDF structure and the sheer volume of links suggest an attempt to redirect users to potentially harmful resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7278245-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7278245-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.