Malicious PDF — malware analysis report

Static analysis result for SHA-256 5a19f25e2733745b…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-12-15 20:01:54 +03:00
Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: 9f4d1cbe0cdb93efc2410400e6e0e52a
SHA-1: b67003f2949fd57567b4977b01d24fa13d53dea5
SHA-256: 5a19f25e2733745b375e60037daeaedc913ebc86409196b848a5b0bd78a9e377
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by multiple heuristics, including a critical PDF_SEO_LINK_FARM rule indicating a mass external link farm. The ML classifier also assigned a high probability of maliciousness. The embedded URLs, all pointing to www.gorillawalker.com, suggest a link-farming or redirection scheme designed to lead users to potentially harmful content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7139764-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7139764-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.