Malicious PDF — malware analysis report

Static analysis result for SHA-256 dbf7a452ce4669bf…

MALICIOUS

PDF

45.3 KB Created: 2018-12-14 20:04:04 +03:00 Authoring application: Adobe InDesign CS5 (7.0) (via Adobe PDF Library 9.9)
MD5: 9b9cd3a7b4341e89cfc0f5ad12a0fd47 SHA-1: df4d2f92b98fd29b2a430e8da25e06927c8be408 SHA-256: dbf7a452ce4669bfdf2a3523c0566c9dd258e64f1e369416723fa392cea2b88d
150 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier and ClamAV also flagged this file as malicious. The document body, though heavily obfuscated, contains numerous URLs pointing to the same domain, suggesting a link farm or redirection mechanism. The primary purpose appears to be directing users to a large collection of other documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7140597-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140597-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-history-of-costa-rica-kindle-edition.pdf
    • http://www.gorillawalker.com/total-juicing-over-125-healthful-and-delicious-ways-to-use.pdf
    • http://www.gorillawalker.com/haysoos-the-honu.pdf
    • http://www.gorillawalker.com/secrets-of-a-side-bitch-4-kindle-edition.pdf
    • http://www.gorillawalker.com/sous-vide-the-art-of-precision-cooking.pdf
    • http://www.gorillawalker.com/the-pocket-kama-sutra-super-sex-52-red-hot-positions.pdf
    • http://www.gorillawalker.com/charting-made-easy-paperback.pdf
    • http://www.gorillawalker.com/pharmaceutical-sales-reps-marketing-search-word-pro-leveraging-social-media.pdf
    • http://www.gorillawalker.com/history-of-the-conquest-of-peru-with-a-preliminary-view.pdf
    • http://www.gorillawalker.com/professional-fiber-optic-installation-v-9-the-essentials-for-success.pdf
    • http://www.gorillawalker.com/life-principles-for-living-out-the-greatest-commandment-following-god.pdf
    • http://www.gorillawalker.com/environmental-illness-myth-reality.pdf
    • http://www.gorillawalker.com/financing-education-resource-generation-in-education-finance-management-and-planning.pdf
    • http://www.gorillawalker.com/the-guide-to-modern-carp-rigs.pdf
    • http://www.gorillawalker.com/breaking-the-deadlock-the-2000-election-the-constitution-and-the.pdf
    • http://www.gorillawalker.com/start-your-own-lawncare-and-landscaping-business-your-step-by.pdf
    • http://www.gorillawalker.com/her-daughter-s-dream-marta-s-legacy.pdf
    • http://www.gorillawalker.com/into-the-depths-of-god-where-eyes-see-the-invisible.pdf
    • http://www.gorillawalker.com/teaching-creative-writing-in-schools-history-creativity-and-childhood-children.pdf
    • http://www.gorillawalker.com/der-rushhour-killer-thriller-german-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/how-to-ace-the-national-geographic-bee-official-study-guide.pdf
    • http://www.gorillawalker.com/building-homes-building-hope-inspiring-stories-of-change-in-the.pdf
    • http://www.gorillawalker.com/i-want-god-forever-changed-by-the-revival-of-your.pdf
    • http://www.gorillawalker.com/advances-in-artificial-intelligence.pdf
    • http://www.gorillawalker.com/a-stitch-in-crime-the-poetry-of-murder.pdf
    • http://www.gorillawalker.com/the-random-house-book-of-shrubs.pdf
    • http://www.gorillawalker.com/hazard-tait-fletcher-and-bundy-s-cases-and-materials-on.pdf
    • http://www.gorillawalker.com/blackjack-strategy-the-ultimate-guide-to-winning-at-blackjack-and.pdf
    • http://www.gorillawalker.com/patients-providers-and-their-interaction-behavioral-science-and-dental-care.pdf
    • http://www.gorillawalker.com/how-do-you-like-your-blue-eyed-boy-desert-noir.pdf
    • http://www.gorillawalker.com/maine-a-photographic-celebration.pdf
    • http://www.gorillawalker.com/out-of-uniform.pdf
    • http://www.gorillawalker.com/free-fall-alias.pdf
    • http://www.gorillawalker.com/the-father-brown-reader-ii-more-stories-from-chesterton.pdf
    • http://www.gorillawalker.com/science-vocabulary-readers-set-animal-groups-exciting-nonfiction-books-that.pdf
    • http://www.gorillawalker.com/delivered-from-distraction-getting-the-most-out-of-life-with.pdf
    • http://www.gorillawalker.com/violin-concerto-op-8-full-score-a2130.pdf
    • http://www.gorillawalker.com/vietnam-firebases-1965-73-american-and-australian-forces-fortress.pdf
    • http://www.gorillawalker.com/essential-hiking-for-teens.pdf
    • http://www.gorillawalker.com/anti-aging-skin-care-secrets-younger-skin-without-scalpel-and.pdf
    • http://www.gorillawalker.com/pharmaceutical-sales-reps-marketing-search-word-pro-leve
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.