Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f9973127d01598f…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2019-02-12 18:31:05 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: 2cf4b56941ac800f7b070e89f200b59a
SHA-1: 4068c0e90f9c8d5e9bfc0d0b6c259e1da5ec6bb7
SHA-256: 3f9973127d01598fbdc7b2774be8f484eec157fb21b1845007032b37d266beee
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute further malicious content. ClamAV detection as 'Pdf.Dropper.Agent-7145697-0' and the ML classifier further support its malicious nature. The primary attack pattern involves tricking users into visiting these links, potentially leading to further compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 3

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7145697-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7145697-0
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.