Malicious PDF — malware analysis report

Static analysis result for SHA-256 59da6af0114f6347…

MALICIOUS

PDF

File size: 42.6 KB
Created: 2018-12-11 20:05:12 +03:00
Authoring application: - (via Acrobat Web Capture 8.0)
MD5: 20780a0e2ea9469037bce687abd71673
SHA-1: 096ffb145c7df1bb25b9d11e217efa2bffc0d501
SHA-256: 59da6af0114f6347a6d8b6762b1c12218db047a43fb5331bf9735cd9688b76f3
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com. This is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. ClamAV detected this as Pdf.Dropper.Agent-7147419-0, and a machine learning classifier also flagged it as malicious. The primary attack pattern involves luring users to click on these links, which likely lead to further malicious content or exploits.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7147419-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7147419-0
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.