Malicious PDF — malware analysis report

Static analysis result for SHA-256 4425e2fa460136f8…

Verdict: MALICIOUS
File type: PDF
Size: 43.7 KB
Created: 2018-11-23 08:08:50 +03:00
Authoring application: Acrobat 5.0 Image Conversion Plug-in for Windows
MD5: d6775318c797290008692552a8d0ce7b
SHA-1: 298d392f5a8377e3649b93ba6c9cd43e838bbd23
SHA-256: 4425e2fa460136f82e6ec942e6742ecba58062f89681f085a5ef1b5215b6abc3
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ClamAV detection 'Pdf.Dropper.Agent-7211789-0' and the ML classifier output strongly indicate malicious intent. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8439

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7211789-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7211789-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/bone-health-god-s-pathway-to-healing.pdf
    • http://www.gorillawalker.com/hot-for-teacher.pdf
    • http://www.gorillawalker.com/northstar-listening-speaking-2-sb-w-interactive-sb-and-myenglishlab.pdf
    • http://www.gorillawalker.com/easy-main-dishes-from-around-the-world-easy-cookbooks-for.pdf
    • http://www.gorillawalker.com/spirit-hunger-workbook-with-dvd-filling-our-deep-longing-to.pdf
    • http://www.gorillawalker.com/gaijin-gaijin-third-edition-an-american-family-in-japan.pdf
    • http://www.gorillawalker.com/a-program-for-monetary-stability-the-millar-lectures-number-three.pdf
    • http://www.gorillawalker.com/tarot-art-nouveau-english-and-spanish-edition.pdf
    • http://www.gorillawalker.com/transnational-migration-social-inclusion-and-adult-education-new-directions-for.pdf
    • http://www.gorillawalker.com/it-s-turning-purple-i-think-we-should-quit-kindle.pdf
    • http://www.gorillawalker.com/frankenstein-illustrated-with-amazing-cloud-photography-3-bonus-books-amazing.pdf
    • http://www.gorillawalker.com/sex-addicts-anonymous.pdf
    • http://www.gorillawalker.com/top-50-most-delicious-soup-recipes-recipe-top-50-s.pdf
    • http://www.gorillawalker.com/the-pea-that-was-me-volume-4-a-single-mom.pdf
    • http://www.gorillawalker.com/the-disciples-a-struggle-for-reformation.pdf
    • http://www.gorillawalker.com/radiation-oncology-rapid-review-for-boards-and-moc.pdf
    • http://www.gorillawalker.com/side-order-of-love.pdf
    • http://www.gorillawalker.com/the-cosmos-astronomy-in-the-new-millennium.pdf
    • http://www.gorillawalker.com/asthma-education-principles-and-practice.pdf
    • http://www.gorillawalker.com/self-hypnosis-self-hypnosis-discovery-the-complete-guide-to-mastering.pdf
    • http://www.gorillawalker.com/the-jean-baudrillard-reader-european-perspectives-a-series-in-social.pdf
    • http://www.gorillawalker.com/servicing-electrocardiographs.pdf
    • http://www.gorillawalker.com/the-erotic-object-sexuality-in-sculpture-from-prehistory-to-the.pdf
    • http://www.gorillawalker.com/an-american-gulag-secret-p-o-w-camps-for-teens.pdf
    • http://www.gorillawalker.com/green-infrastructure-for-sustainable-urban-development-in-africa.pdf
    • http://www.gorillawalker.com/the-abbey-psalter-the-book-of-psalms-used-by-the.pdf
    • http://www.gorillawalker.com/the-barmaid-s-brain-other-strange-tales-from-science.pdf
    • http://www.gorillawalker.com/priscilla-ballerina.pdf
    • http://www.gorillawalker.com/braving-the-lake-innerstar-university-quality.pdf
    • http://www.gorillawalker.com/mucusless-diet-healing-system-a-scientific-method-of-eating-your.pdf
    • http://www.gorillawalker.com/the-toon-treasury-of-classic-children-s-comics.pdf
    • http://www.gorillawalker.com/the-casebook-of-carnacki-the-ghost-finder-wordsworth-mystery-supernatural.pdf
    • http://www.gorillawalker.com/kak-world-soccer-stars-estrellas-del-ftbol-mundial-spanish-edition.pdf
    • http://www.gorillawalker.com/life-in-communist-russia-way-people-live.pdf
    • http://www.gorillawalker.com/cruising-guide-to-san-francisco-bay-2nd-edition.pdf
    • http://www.gorillawalker.com/old-and-new-testaments-brittingham-prize-in-poetry.pdf
    • http://www.gorillawalker.com/eschatology-great-doctrines-of-the-bible-vol-8.pdf
    • http://www.gorillawalker.com/kick-the-jenkins-cycle-volume-1.pdf
    • http://www.gorillawalker.com/purcell-s-dancing-master.pdf
    • http://www.gorillawalker.com/distillation-equipment-and-processes.pdf
    • http://www.gorillawalker.com/a-program-for-monetary-stabil
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/