Malicious PDF — malware analysis report

Static analysis result for SHA-256 4d1419ea5778a3eb…

MALICIOUS

PDF

File size: 43.0 KB
Created: 2018-11-15 19:33:53 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Acrobat Distiller 8.1.0 (Windows))
MD5: 2afe5669b4bcab7e438373a9f3ae26b4
SHA-1: 0d7f900449b9c0aa79c0713a08eed6337f9c5888
SHA-256: 4d1419ea5778a3eba227653cdec5952b9418795aaa3b97c166ccbae283f2d9aa
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by ClamAV as Pdf.Dropper.Agent and a machine learning classifier indicated a high probability of maliciousness. The primary heuristic identified a large number of external PDF links, all pointing to the same domain (www.gorillawalker.com), suggesting a link farm or distribution mechanism. No scripts were extracted, and the document body was heavily obfuscated, preventing further analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7258636-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7258636-0
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.