Malicious PDF — malware analysis report

Static analysis result for SHA-256 1fe91e7dd93b9ed4…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-30 20:25:31 +03:00
Authoring application: XSL Formatter V4.3 MR8 for Windows (via Acrobat Distiller 7.0.5 (Windows))
MD5: 7c6c7cb221adaf1d617ae9088770b441
SHA-1: d84e3d80bc26e77dcbe2d15d6b28ecb8c239fa20
SHA-256: 1fe91e7dd93b9ed4888463a2b9a2c799c11746103ecdd97b3f9195ff73057196
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, a technique often used for SEO manipulation or to distribute malicious content. The ClamAV heuristic also flags this file as a Pdf.Dropper.Agent, indicating its role in delivering other malware. The embedded URLs are the primary indicators of compromise, suggesting a distribution or redirection attack.

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7341431-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7341431-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.