Malicious PDF — malware analysis report

Static analysis result for SHA-256 2b127699f7ba5bbc…

Verdict: MALICIOUS

File type: PDF

File size: 31.9 KB
Created: 2019-08-10 07:58:00 +03:00
Authoring application: Acrobat PDFMaker 7.0.7 for Word (via Acrobat Distiller 7.0.5 (Windows))

MD5: dff11af541e04ff74d1ed3756572525b
SHA-1: 3f1c68286c0462b5cbd5192fd16eb85340a2431d
SHA-256: 2b127699f7ba5bbc688723d70f2323ea83382d12f22fe9e3f1872f08007cb1f8

Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to lure users to click on these links, which are hosted on www.gorillawalker.com. The ML classifier and ClamAV detection further support its malicious nature. The embedded URLs are likely part of a link farm designed to redirect users to malicious content or phishing pages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8405

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7160531-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7160531-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-point-of-no-return-le-point-de-non-retour.pdf
    • http://www.gorillawalker.com/red-day-green-day.pdf
    • http://www.gorillawalker.com/fieser-and-fieser-s-reagents-for-organic-synthesis-volume-14.pdf
    • http://www.gorillawalker.com/beautiful-dead-bella-a-lana-cloud-murder-mystery-kindle-edition.pdf
    • http://www.gorillawalker.com/on-burning-ground-a-son-s-memoir.pdf
    • http://www.gorillawalker.com/the-spiderwick-chronicles-boxed-set-the-field-guide-the-seeing.pdf
    • http://www.gorillawalker.com/delay-differential-equations-with-applications-in-population-dynamics.pdf
    • http://www.gorillawalker.com/the-biomathematics-of-malaria-1982.pdf
    • http://www.gorillawalker.com/iec-60191-2t-ed-1-0-b-1996-eighteenth-supplement.pdf
    • http://www.gorillawalker.com/man-down-the-manly-man-s-guide-to-hormone-disruptors.pdf
    • http://www.gorillawalker.com/private-sins-three-rivers-book-1.pdf
    • http://www.gorillawalker.com/cyprus-travel-guide-sightseeing-hotel-restaurant-shopping-highlights-illustrated-kindle.pdf
    • http://www.gorillawalker.com/indexing-the-medical-and-biological-sciences-occasional-papers-on-indexing.pdf
    • http://www.gorillawalker.com/post-split-america-divided.pdf
    • http://www.gorillawalker.com/slave-society-in-cuba-during-the-nineteenth-century.pdf
    • http://www.gorillawalker.com/inside-nhl-94-official-guide-official-strategy-guides.pdf
    • http://www.gorillawalker.com/linear-circuit-analysis-a-laplace-transform-approach-vol-2.pdf
    • http://www.gorillawalker.com/the-wedding-dress-thorndike-press-large-print-christian-romance-series.pdf
    • http://www.gorillawalker.com/where-s-waldo-the-fantastic-journey.pdf
    • http://www.gorillawalker.com/shakespeare-from-the-margins-language-culture-context.pdf
    • http://www.gorillawalker.com/voltaire-s-bastards-the-dictatorship-of-reason-in-the-west.pdf
    • http://www.gorillawalker.com/the-equip-implementation-guide-teaching-youth-to-think-and-act.pdf
    • http://www.gorillawalker.com/julius-caesar-the-arkangel-shakespeare-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/subordinate-legislation-2003-subordinate-legislation-committee-2nd-report-scottish-parliament.pdf
    • http://www.gorillawalker.com/the-complete-guide-to-option-selling-how-selling-options-can.pdf
    • http://www.gorillawalker.com/aerobics-national-fitness-program-guide-book-chinese-edition.pdf
    • http://www.gorillawalker.com/101-animal-secrets.pdf
    • http://www.gorillawalker.com/henkersbraut-german-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/the-99th-battalion.pdf
    • http://www.gorillawalker.com/modern-carpentry-essential-skills-for-the-building-trades-by-wagner.pdf
    • http://www.gorillawalker.com/attack-on-titan-junior-high-3.pdf
    • http://www.gorillawalker.com/innocence-examined-kindle-edition.pdf
    • http://www.gorillawalker.com/handbook-of-research-on-new-literacies.pdf
    • http://www.gorillawalker.com/hotel-imperial-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/project-management-process-technology-and-practice.pdf
    • http://www.gorillawalker.com/comprehensive-management-of-spinal-cord-injury-clinical-symposia-volume-34.pdf
    • http://www.gorillawalker.com/siren-s-opus.pdf
    • http://www.gorillawalker.com/dominica-isle-of-adventure-macmillan-caribbean-guides.pdf
    • http://www.gorillawalker.com/the-old-testament-apocrypha-an-introduction.pdf
    • http://www.gorillawalker.com/lord-demon.pdf
    • http://www.gorillawalker.com/man-down-the-manly-
    The remaining entries are RDF/XMP and PDF/A namespace identifiers (schema URIs); these normally originate in the document's XMP metadata stream rather than in link annotations, and are not part of the link-farm pattern flagged above.
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/