Malicious PDF — malware analysis report

Static analysis result for SHA-256 2a44ffdf5c35bb70…

MALICIOUS

PDF

File size: 43.1 KB
Created: 2018-11-26 20:09:40 +03:00
Authoring application: Writer (via OpenOffice.org 2.0.3)
MD5: 5b4117b54b475cd1d26952b475011a12
SHA-1: 035e298142cf8847dc9f47675a71f59ddeb80780
SHA-256: 2a44ffdf5c35bb70870fe9eb52c69dca2cf9e957af0cf10b7675567419c63e13
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the domain www.gorillawalker.com. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ClamAV detection 'Pdf.Dropper.Agent-7242857-0' further supports the malicious nature of this file.

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7242857-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7242857-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.