Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc4490ea55354e0b…

MALICIOUS

PDF

36.1 KB
Created: 2019-09-02 20:01:26 +03:00
Authoring application: -
MD5: 14d917c3cada347994a4fa2a009bf816
SHA-1: 1b9aedf329428a8483cadd15d3f8d245db0d4bbd
SHA-256: fc4490ea55354e0bbcb7cd159c19bc99674c33148ce73d1ce2bdd30ae2359bfe
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was detected as malware by ClamAV and flagged by an ML classifier. It contains a large number of embedded URLs pointing to other PDF files on the same domain, indicating a link farm or a method to distribute further malicious content. The primary attack pattern appears to be social engineering through a deceptive document that leads users to a collection of external links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7977

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7164314-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7164314-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.