Malicious PDF — malware analysis report

Static analysis result for SHA-256 a3264a53fdfa8d72…

MALICIOUS

PDF

Size: 27.9 KB
Created: 2019-09-02 22:01:01 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)
MD5: a1a8eddc8abccfbec59df015558e25b0
SHA-1: 46c129f1203c5d36fb17b1b19f110809d9ece0ae
SHA-256: a3264a53fdfa8d7214f663600d817a66bd4681649f30df29e073e1d50649a4d1
Risk Score: 150

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.001 User Execution: Malicious Link

The PDF carries 40 clickable links, every one of them a .pdf path under a single host (www.gorillawalker.com); this is the pattern the PDF_SEO_LINK_FARM heuristic flags. The remaining extracted URLs are XMP/RDF namespace identifiers from the document's metadata stream, not user-facing links. No JavaScript or other scripts were extracted, so the risk is not code executed on open but where the links send the user: the link set matches generated SEO/link-farm PDFs that exist to manipulate search rankings or to route visitors into unwanted-software or other malicious delivery chains. The Nyx classifier score (0.8838) and the ClamAV signature Pdf.Dropper.Agent-7199415-0 corroborate the heuristic rather than prove malice on their own. The producer string (a 2003-era Acrobat Distiller 6.0 for Macintosh) alongside a 2019 creation date is a reminder that PDF metadata is trivially copied or forged; treat it as a weak signal and do not use it for attribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8838

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than the citation pattern of a normal document.
  • ClamAV: Pdf.Dropper.Agent-7199415-0 (critical) CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7199415-0
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The 40 targets below all sit under one host:
    • http://www.gorillawalker.com/logic-its-proper-use-how-to-think-logically-volume-2.pdf
    • http://www.gorillawalker.com/beauty-pop-vol-3-v-3.pdf
    • http://www.gorillawalker.com/pixar-touch-chinese-edition.pdf
    • http://www.gorillawalker.com/mastermind-dinners-build-lifelong-relationships-by-connecting-experts-influencers-and.pdf
    • http://www.gorillawalker.com/esteban-s-conclusions-the-seeker-s-journal.pdf
    • http://www.gorillawalker.com/catalonia-movie-walks-intelligent-travel-guides-kindle-edition.pdf
    • http://www.gorillawalker.com/the-seduction-of-elliot-mcbride-mackenzies-series.pdf
    • http://www.gorillawalker.com/big-girl-bigger-desire-bbw-interracial-pregnancy-risk-kindle-edition.pdf
    • http://www.gorillawalker.com/the-rainstick-a-fable.pdf
    • http://www.gorillawalker.com/global-networks-linked-cities.pdf
    • http://www.gorillawalker.com/miami-and-the-keys-destination-touring-map-guide-national-geographic.pdf
    • http://www.gorillawalker.com/multiple-streams-of-internet-income.pdf
    • http://www.gorillawalker.com/microelectronic-circuits.pdf
    • http://www.gorillawalker.com/focused-interview.pdf
    • http://www.gorillawalker.com/the-great-commentary-of-cornelius-a-lapide-volume-8.pdf
    • http://www.gorillawalker.com/saving-the-white-lions-one-woman-s-battle-for-africa.pdf
    • http://www.gorillawalker.com/family-legacy.pdf
    • http://www.gorillawalker.com/high-temperature-experiments-in-chemistry-and-materials-science.pdf
    • http://www.gorillawalker.com/fracture-mechanics-design-handbook-for-composite-materials-technical-report.pdf
    • http://www.gorillawalker.com/the-law-principles-and-practice-of-legal-ethics-first-edition.pdf
    • http://www.gorillawalker.com/na-ve-set-theory.pdf
    • http://www.gorillawalker.com/1-001-phrases-you-need-to-get-a-job-the.pdf
    • http://www.gorillawalker.com/acoustic-blues-guitar-styles.pdf
    • http://www.gorillawalker.com/united-states-hegemony-and-the-foundations-of-international-law.pdf
    • http://www.gorillawalker.com/riga-the-bradt-city-guide-bradt-mini-guide.pdf
    • http://www.gorillawalker.com/chicago-hot-dog-stands-view-master-reel.pdf
    • http://www.gorillawalker.com/italian-mediterranean-diet-cookbook-over-50-bread-desert-and-sandwich.pdf
    • http://www.gorillawalker.com/the-read-aloud-handbook-fifth-edition.pdf
    • http://www.gorillawalker.com/humorous-quotations-and-jokes-for-atheists-agnostics-and-secular-humanists.pdf
    • http://www.gorillawalker.com/hood-misfits-volume-3-carl-weber-presents-carl-weber-presents.pdf
    • http://www.gorillawalker.com/secret-revealed-a-secret-novel.pdf
    • http://www.gorillawalker.com/applied-sport-management-skills-second-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/sexual-difference-between-psychoanalysis-and-vitalism.pdf
    • http://www.gorillawalker.com/big-enough-anna.pdf
    • http://www.gorillawalker.com/canada-on-stage-scenes-and-monologues-a-survey-of-canadian.pdf
    • http://www.gorillawalker.com/sonata-in-b-minor-softcover-piano-solo.pdf
    • http://www.gorillawalker.com/document-raj-writing-and-scribes-in-early-colonial-south-india.pdf
    • http://www.gorillawalker.com/the-initiate-sensual-novels-for-the-sensual-woman-the-handmaidens.pdf
    • http://www.gorillawalker.com/project-quality-management-why-what-and-how-second-edition.pdf
    • http://www.gorillawalker.com/jack-hammer.pdf
    The remaining nine URIs are XMP/RDF namespace identifiers from the document's metadata stream, not clickable link targets:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
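The reasoning in the Malware Insights paragraph and the PDF_SEO_LINK_FARM heuristic above can be reproduced with a small byte-level triage script. The following is an added example, not the analysis engine's own code: it pulls /URI targets out of link actions, separates them from URIs that occur only inside the XMP metadata packet (the w3.org, purl.org, adobe.com and aiim.org namespaces listed above are of that second kind), runs a pdfid-style keyword census for active content, and applies a "small file, many links, one dominant host" rule. The thresholds (64 KB, 20 links, 80% on one host), the function names, the sample host count and the constructed PDF bytes are all assumptions made for illustration; real files may hold objects in compressed object streams, which this raw-byte pass would miss.

```python
"""Link-farm triage for a PDF at the byte level (added example; thresholds are assumptions)."""
import re
from collections import Counter
from urllib.parse import urlparse

# pdfid-style keyword census: standard PDF keys that carry active content.
# Raw-byte counts miss keys inside compressed object streams (assumed absent here).
RISKY_KEYS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")

# /URI (literal string) inside a link action; tolerates backslash-escaped parens.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# An uncompressed XMP packet inside a /Metadata stream.
XMP_PACKET = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.DOTALL)
ANY_URL = re.compile(rb"https?://[^\s\"'<>)]+")


def _unescape(s: bytes) -> str:
    """Undo PDF literal-string backslash escapes (enough for URL strings)."""
    return re.sub(rb"\\(.)", rb"\1", s).decode("latin-1")


def extract_uris(pdf: bytes):
    """Return (clickable link targets, URIs that occur only in XMP metadata)."""
    link_uris = [_unescape(m.group(1)) for m in URI_LITERAL.finditer(pdf)]
    xmp_uris = [u.decode("latin-1")
                for packet in XMP_PACKET.finditer(pdf)
                for u in ANY_URL.findall(packet.group(0))]
    return link_uris, xmp_uris


def keyword_census(pdf: bytes) -> dict:
    """Count active-content keys; all zero means no scripts/launch actions to extract."""
    return {k.decode(): pdf.count(k) for k in RISKY_KEYS}


def link_farm_verdict(pdf: bytes, max_size=64 * 1024, min_links=20, min_share=0.8) -> dict:
    """Fire when a small PDF has many link targets clustered on one host.
    The three thresholds are illustrative assumptions, not the report tool's values."""
    links, xmp = extract_uris(pdf)
    hosts = Counter(urlparse(u).hostname or "" for u in links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(links) if links else 0.0
    fires = len(pdf) <= max_size and len(links) >= min_links and share >= min_share
    return {
        "size": len(pdf),
        "link_count": len(links),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "xmp_namespace_uris": len(xmp),   # metadata URIs, deliberately not counted as links
        "keywords": keyword_census(pdf),
        "PDF_SEO_LINK_FARM": fires,
    }


def build_sample_pdf(n_links: int, host="www.gorillawalker.com", off_host=2) -> bytes:
    """Constructed sample: a one-page PDF with n_links link annotations to `host`,
    `off_host` links to a second host, and an XMP packet carrying namespace URIs.
    Structurally minimal; only meant to exercise the extractors above."""
    annots = b""
    for i in range(n_links):
        annots += (b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI (http://"
                   + host.encode() + b"/book-%d.pdf) >> >>\n" % i)
    for i in range(off_host):
        annots += (b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI "
                   b"(http://example.net/other-%d.pdf) >> >>\n" % i)
    xmp = (b"<x:xmpmeta xmlns:x='adobe:ns:meta/'>"
           b"<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#' "
           b"xmlns:dc='http://purl.org/dc/elements/1.1/' "
           b"xmlns:pdfaExtension='http://www.aiim.org/pdfa/ns/extension/'/>"
           b"</x:xmpmeta>")
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [\n" + annots + b"] >> endobj\n",
        b"4 0 obj << /Type /Metadata /Subtype /XML /Length " + str(len(xmp)).encode()
        + b" >>\nstream\n" + xmp + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.4\n" + b"".join(objs) + b"%%EOF\n"


if __name__ == "__main__":
    for n in (40, 3):
        print(n, "links ->", link_farm_verdict(build_sample_pdf(n)))
```

Against the constructed 40-link sample the rule fires with 42 link targets, 40 of them (about 95%) on www.gorillawalker.com, three XMP namespace URIs kept out of the link count, and every active-content keyword at zero, which is the same shape as the report's "many links, no scripts" finding; a three-link sample of the same construction does not fire.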