Malicious PDF — malware analysis report

Static analysis result for SHA-256 ddd70333f45fb6ff…

MALICIOUS

PDF

Size: 34.1 KB
Created: 2019-09-18 18:15:51 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
MD5: c2d3444d883576f98ee0a348fbe9a91e
SHA-1: 96b977e5f22261e8a2e591635ff2538932147e55
SHA-256: ddd70333f45fb6ff2be2c3fee04ff1ae9ee484e2c6b6b530cd790a154411e1a2
Risk Score: 150

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a malicious intent, possibly for SEO manipulation or to serve as a dropper for further malicious content. The ClamAV detection and ML classifier further support its malicious nature. No scripts were extracted, and the document body was not readable.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7196128-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7196128-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/german-learn-german-in-7-days-the-ultimate-crash-course.pdf
    • http://www.gorillawalker.com/journal-of-three-years-residence-in-abyssinia.pdf
    • http://www.gorillawalker.com/spectacular-homes-of-michigan-an-exclusive-showcase-of-michigan-s.pdf
    • http://www.gorillawalker.com/laboratory-animal-pocket-reference-series-the-laboratory-rabbit-second-edition.pdf
    • http://www.gorillawalker.com/clinical-supervisor-training-an-interactive-cd-rom-training-program-for.pdf
    • http://www.gorillawalker.com/jazz-in-new-orleans-the-postwar-years-through-1970-studies.pdf
    • http://www.gorillawalker.com/sabidur-a-de-mujeres-en-la-biblia-las-gigantas-de.pdf
    • http://www.gorillawalker.com/hal-leonard-sonata-for-clarinet-and-piano-book-and-cd.pdf
    • http://www.gorillawalker.com/the-whole-building-handbook-how-to-design-healthy-efficient-and.pdf
    • http://www.gorillawalker.com/anna-halprin-dance-process-form-kindle-edition.pdf
    • http://www.gorillawalker.com/hal-leonard-viva-la-vida-by-coldplay-arranged-for-piano.pdf
    • http://www.gorillawalker.com/the-best-of-hidden-upskirt-an-adult-picture-book.pdf
    • http://www.gorillawalker.com/oxford-gourmet-cookbook.pdf
    • http://www.gorillawalker.com/anger-is-okay-violence-is-not.pdf
    • http://www.gorillawalker.com/love-and-football-love-never-fails-i-corinthians-13-8.pdf
    • http://www.gorillawalker.com/a-midsummer-night-s-dream-the-arden-shakespeare.pdf
    • http://www.gorillawalker.com/taxes-business-strategy.pdf
    • http://www.gorillawalker.com/god-s-unfinished-book-journeying-through-the-book-of-acts.pdf
    • http://www.gorillawalker.com/principles-of-economics-unabridged-eighth-edition.pdf
    • http://www.gorillawalker.com/conscious-choices-a-model-for-self-directed-learning.pdf
    • http://www.gorillawalker.com/world-s-fastest-animals-level-2-amer-museum-of-nat.pdf
    • http://www.gorillawalker.com/the-somerset-thinking-skills-course-analysing-and-synthesising-module-2.pdf
    • http://www.gorillawalker.com/sex-deceit-reality-tv.pdf
    • http://www.gorillawalker.com/lemoine-guitare-basse-vari-t-jazz-pernette-alain-1152-positions.pdf
    • http://www.gorillawalker.com/lonely-planet-yellowstone-grand-teton-national-parks.pdf
    • http://www.gorillawalker.com/the-army-lawyer-a-history-of-the-judge-advocate-general.pdf
    • http://www.gorillawalker.com/pioneers-of-islamic-revival-second-edition-studies-in-islamic-society.pdf
    • http://www.gorillawalker.com/making-money-online-how-to-work-from-home-virtually-with.pdf
    • http://www.gorillawalker.com/foundations-of-optimization-graduate-texts-in-mathematics-vol-258.pdf
    • http://www.gorillawalker.com/discrete-algorithmic-mathematics-third-edition.pdf
    • http://www.gorillawalker.com/pseudomonas-genomics-and-molecular-biology.pdf
    • http://www.gorillawalker.com/popular-bohemia-modernism-and-urban-culture-in-nineteenth-century-paris.pdf
    • http://www.gorillawalker.com/no-safety-and-other-short-stories.pdf
    • http://www.gorillawalker.com/the-menopause-book-by-barbara-kantrowitz-sep-15-2009.pdf
    • http://www.gorillawalker.com/handbook-of-hydraulics-for-the-solution-of-hydraulic-engineering-problems.pdf
    • http://www.gorillawalker.com/dante-the-poetics-of-conversion.pdf
    • http://www.gorillawalker.com/one-day-we-met-the-lions.pdf
    • http://www.gorillawalker.com/el-corsario-invicto-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/manual-de-homil-tica-curso-de-formacion-ministerial-estudio-biblico.pdf
    • http://www.gorillawalker.com/robotics-science-and-systems-iii.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/