Malicious PDF — malware analysis report

Static analysis result for SHA-256 50abf5bd3112d802…

MALICIOUS

PDF

Size: 37.0 KB
Created: 2019-05-24 00:45:42 +03:00
Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
MD5: 1c6ea6072b3669180bc15efa99f45c23
SHA-1: 4a9b47b496ff59a741a44d6a6b293091d7272f05
SHA-256: 50abf5bd3112d8026994a715ccac74dfd4cdfa5f5d45d0cbd49dccc680c22881
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine rankings or to distribute malicious content through a link farm. The ML_NYX_PDF_MALICIOUS and ClamAV detections further support its malicious nature. The primary IOCs are the URLs hosted on www.gorillawalker.com, which are likely used to deliver secondary payloads or redirect users to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8196

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7062582-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7062582-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.