Malicious PDF — malware analysis report

Static analysis result for SHA-256 036226062fd82713…

MALICIOUS

PDF

File size: 44.5 KB
Created: 2018-11-23 08:00:52 +03:00
Authoring application: Microsoft® Office Word 2007
MD5: 933a79e58a4fe50d80bfc5c394ed0c8a
SHA-1: c42893777afbe778b3cb35897a444695e455d881
SHA-256: 036226062fd82713d347c4f9775f0ef8e3c2c34551a59cf43e81a51acbef8429
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The 'PDF_SEO_LINK_FARM' heuristic fired on this PDF, indicating a large number of external PDF links. The embedded URLs point to various PDF files on the 'gorillawalker.com' domain, suggesting a link farm or content distribution strategy. While no scripts were explicitly extracted, the nature of the PDF and the numerous external links suggest it is designed to redirect users, potentially to malicious content or for SEO manipulation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7223168-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7223168-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.