Malicious PDF — malware analysis report

Static analysis result for SHA-256 3b893d22af1931ea…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-30 20:18:41 +03:00
Authoring application: calibre 0.9.13 [http://calibre-ebook.com]
MD5: 1138cfde807fba3f8901109d3f5fe810
SHA-1: 15792bfeca94201c6902cf56b842853af7574c29
SHA-256: 3b893d22af1931ea26407505209ed5a66cbbcc66638d572cb15bef9ca716373c
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by multiple heuristics, including a critical finding for a link farm containing 32 external PDF links. The ML classifier also indicated a high probability of maliciousness. The primary attack pattern appears to be the distribution of numerous links to other PDF documents hosted on www.gorillawalker.com, suggesting a coordinated effort to direct users to potentially malicious or unwanted content. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7139763-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7139763-0
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/3-18-2015-eric-s-pick-stocks-buy-sell-hold.pdf
    • http://www.gorillawalker.com/model-drawings-vol-2-kindle-edition.pdf
    • http://www.gorillawalker.com/fodor-s-scandinavia-1979.pdf
    • http://www.gorillawalker.com/sprinklers-and-watering-systems.pdf
    • http://www.gorillawalker.com/total-control-high-performance-street-riding-techniques.pdf
    • http://www.gorillawalker.com/the-cognitive-enrichment-advantage-family-school-partnership-handbook.pdf
    • http://www.gorillawalker.com/keeping-it-simple-small-business-bookkeeping-cash-flow-tax-vat.pdf
    • http://www.gorillawalker.com/pin-up-artist.pdf
    • http://www.gorillawalker.com/kate-s-cookbook-kindle-edition.pdf
    • http://www.gorillawalker.com/instrumentation-fundamentals-for-process-control.pdf
    • http://www.gorillawalker.com/lubricants-make-the-grade-national-sanitation-foundation-monitors-food-grade.pdf
    • http://www.gorillawalker.com/osteopathy-and-the-zombie-apocalypse-a-career-guide-for-pre.pdf
    • http://www.gorillawalker.com/iced-coffee-quick-easy-and-delicious-iced-coffee-recipes-you.pdf
    • http://www.gorillawalker.com/supplement-edition-areopagitica-kindle-edition.pdf
    • http://www.gorillawalker.com/junior-in-the-city-a-spinwheels-book.pdf
    • http://www.gorillawalker.com/orange-is-the-new-black-by-piper-kerman-a-30.pdf
    • http://www.gorillawalker.com/the-british-bandsman-centenary-book-social-history-of-brass-bands.pdf
    • http://www.gorillawalker.com/sly-the-family-stone-for-bass-bass-recorded-versions.pdf
    • http://www.gorillawalker.com/comprehensive-virology-17-methods-used-in-the-study-of-viruses.pdf
    • http://www.gorillawalker.com/imaginary-animals-16-assorted-notecards-and-envelopes.pdf
    • http://www.gorillawalker.com/in-search-of-america-s-past-learning-to-read-history.pdf
    • http://www.gorillawalker.com/the-right-to-die-an-examination-of-the-euthanasia-debate.pdf
    • http://www.gorillawalker.com/imperial-brothers-valentinian-valens-and-the-disaster-at-adrianople.pdf
    • http://www.gorillawalker.com/best-quick-and-easy-rice-meals-easy-meals-cookbook-kindle.pdf
    • http://www.gorillawalker.com/automotive-wiring-and-electrical-systems-vol-2-projects.pdf
    • http://www.gorillawalker.com/the-rainbow-bear.pdf
    • http://www.gorillawalker.com/how-to-raise-1-million-or-more-in-10-bite.pdf
    • http://www.gorillawalker.com/walking-across-ireland-from-dublin-bay-to-galway-bay.pdf
    • http://www.gorillawalker.com/avancemos-florida-student-edition-level-3-2007-spanish-edition.pdf
    • http://www.gorillawalker.com/winsor-pilates-the-win-in-10-meal-plan-accelerated-results.pdf
    • http://www.gorillawalker.com/eye-of-the-hurricane-the-alex-higgins-story.pdf
    • http://www.gorillawalker.com/a-road-called-love.pdf
    • http://www.gorillawalker.com/llama-sounds.pdf
    • http://www.gorillawalker.com/peterson-s-graduate-programs-in-business-health-information-studies-law.pdf
    • http://www.gorillawalker.com/french-organ-music-from-the-revolution-to-franck-and-widor.pdf
    • http://www.gorillawalker.com/chamber-ensembles-for-junior-forms-of-children-music-school.pdf
    • http://www.gorillawalker.com/hal-leonard-101-ukulele-tips-stuff-all-the-pros-know.pdf
    • http://www.gorillawalker.com/medicina-de-bolsillo-spanish-edition.pdf
    • http://www.gorillawalker.com/this-is-my-book.pdf
    • http://www.gorillawalker.com/genetics-genomics-and-breeding-of-poplar-genetics-genomics-and-breeding.pdf
    • http://www.gorillawalker.co
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://calibre-ebook.com
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    +1 more URL(s)