Malicious PDF — malware analysis report

Static analysis result for SHA-256 90d20bcadd4d9704…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2019-02-15 20:09:05 +03:00
Authoring application: pdfTeX-1.40.14 (via Revision 5)
MD5: 21a083e3311010b2d56526a69034d951
SHA-1: 2d2c5d32d5a556fadcabe623842c2a3d3ef8fdbd
SHA-256: 90d20bcadd4d9704bf3979735a399ad5479418ac4298dd0b85d4f1a2486918b5
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7146985-0 and by a machine learning classifier. The primary heuristic, 'PDF_SEO_LINK_FARM', fired on 32 external links, suggesting an intent to redirect users to potentially harmful content or to manipulate search engine rankings. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7146985-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7146985-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.