Malicious PDF — malware analysis report

Static analysis result for SHA-256 1d1c2be98a11ffc9…

MALICIOUS

PDF

Size: 32.0 KB
Created: 2019-05-24 00:41:30 +03:00
Authoring application: ABBYY FineReader 8.0 Professional Edition
MD5: 84ae53c93f9d857cea5fa5f4fa880b42
SHA-1: eaa3177329aa40d837f3a9250560ce6e763271ab
SHA-256: 1d1c2be98a11ffc9fe806aa6015e7ccfda3f8a16fe9d4e18023b5fe78a339a7b
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to other PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or as a distribution mechanism for further malicious content. ClamAV also detected this file as 'Pdf.Dropper.Agent-7148546-0', supporting its malicious nature. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7148546-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7148546-0
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.