Malicious PDF — malware analysis report

Static analysis result for SHA-256 1b50d45f94fe6d39…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-11-28 08:46:14 +03:00
Authoring application: Adobe Acrobat 8.3 Combine Files (via Adobe Acrobat 8.31 Paper Capture Plug-in)
MD5: 2b3afccf13c1efecad4c34d1f5ba4388
SHA-1: 13f5b8c0a64b242446ac1776bc8f21a4ca1b25ab
SHA-256: 1b50d45f94fe6d39d2c221225439a2a3f72eaa255ea6a6e7c171bdb866f0c95b
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7235438-0 and a machine learning classifier. The critical heuristic PDF_SEO_LINK_FARM indicates the presence of 32 external links, predominantly hosted on www.gorillawalker.com. These links likely serve as a link farm to manipulate search engine results or redirect users to malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7235438-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7235438-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.