Malicious PDF — malware analysis report

Static analysis result for SHA-256 01d239039d8c4801…

Verdict: MALICIOUS

File type: PDF

Size: 43.3 KB
Created: 2018-11-14 21:15:02 +03:00
Authoring application: Acrobat PDFMaker 11 for Word (via Acrobat Distiller 11.0 (Windows))
MD5: 767910c6ff73b894529c9305850c690b
SHA-1: 3cdb68ce4dedcbd709b4eaa8e17bb3ea0f43efd0
SHA-256: 01d239039d8c480125966073de3c446a852e18d95e08b4c058eb7a6f48a81b66
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the 'gorillawalker.com' domain. While no specific script was extracted, the presence of embedded URLs and the ClamAV detection (Pdf.Dropper.Agent-7222339-0) strongly suggest this document is designed to redirect users to malicious content, likely as part of a phishing or malware distribution campaign. The ML_NYX_PDF_MALICIOUS score further supports its malicious nature.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9171

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7222339-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7222339-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.