Malicious PDF — malware analysis report

Static analysis result for SHA-256 32446225d0f2b943…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2018-12-15 08:11:03 +03:00
Authoring application: calibre 0.9.36 [http://calibre-ebook.com]
MD5: e43e4d7dbd0944d366a5611df67e2f8f
SHA-1: be1bd5c56d319b8951bb3cd5458cccb61816d221
SHA-256: 32446225d0f2b9434b58b027282291848bf273a1df8e55273d37aadb1e25932f
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7142157-0 and a machine learning classifier. The heuristic PDF_SEO_LINK_FARM indicates the presence of 32 external links, predominantly hosted on www.gorillawalker.com, suggesting a link farm or distribution mechanism. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7142157-0 (severity: critical; heuristic: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142157-0
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.