Malicious PDF — malware analysis report

Static analysis result for SHA-256 73a6b613bfd06576…

Verdict: MALICIOUS
File type: PDF
Size: 41.5 KB
Created: 2019-02-14 08:25:37 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: e538694fc5a2ba41293a54cb56e327b4
SHA-1: 1bb49e2463ce44e1a49c2ec8b79c1450f6cf3560
SHA-256: 73a6b613bfd06576b25e859486e42a51a2b5ce8814b6e6107b8a2c16dfe414de
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of link annotations pointing to external PDF files, almost all of them hosted on 'gorillawalker.com'. This pattern is indicative of a generated link farm used to distribute malicious content indirectly, rather than of normal document citations. ClamAV independently detects the file as 'Pdf.Dropper.Agent-7139855-0', which corroborates the verdict. The primary attack pattern observed is a link farm intended to route users toward malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [critical] CLAMAV_DETECTION: ClamAV: Pdf.Dropper.Agent-7139855-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7139855-0
  • [info] EMBEDDED_URL: Embedded URL info
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-gospel-of-winter.pdf
    • http://www.gorillawalker.com/flatbreads-flavors-a-baker-s-atlas.pdf
    • http://www.gorillawalker.com/pischna-technical-studies-alfred-masterwork-edition.pdf
    • http://www.gorillawalker.com/13th-united-nations-regional-cartographic-conference-for-asia-and-the.pdf
    • http://www.gorillawalker.com/gooseberry-patch-christmas.pdf
    • http://www.gorillawalker.com/the-art-of-living-vipassana-meditation-as-taught-by-s.pdf
    • http://www.gorillawalker.com/project-girl.pdf
    • http://www.gorillawalker.com/madrid-y-alrededores-michelin-zoom-maps.pdf
    • http://www.gorillawalker.com/aromatherapy-basic-mechanisms-and-evidence-based-clinical-use-clinical-pharmacognosy.pdf
    • http://www.gorillawalker.com/como-aplicar-gimnasia-para-el-cerebro-tecnicas-de-autoayuda-para.pdf
    • http://www.gorillawalker.com/pocket-guides-aircraft.pdf
    • http://www.gorillawalker.com/jane-goodall-50-years-at-gombe-kindle-edition.pdf
    • http://www.gorillawalker.com/success-in-science-key-stage-2-national-tests-bk-1.pdf
    • http://www.gorillawalker.com/refugees-and-gender-law-and-process.pdf
    • http://www.gorillawalker.com/manatees-early-bird-nature-books.pdf
    • http://www.gorillawalker.com/shape-your-butt-and-thighs-weight-loss-body-sculpting-exercises.pdf
    • http://www.gorillawalker.com/100-000-miles-around-sweden.pdf
    • http://www.gorillawalker.com/acting-in-prime-time.pdf
    • http://www.gorillawalker.com/doe-simplified-practical-tools-for-effective-experimentation-third-edition.pdf
    • http://www.gorillawalker.com/first-time-with-a-babysitter-first-experiences.pdf
    • http://www.gorillawalker.com/solar-system-mission-science.pdf
    • http://www.gorillawalker.com/choppers-horsepower.pdf
    • http://www.gorillawalker.com/the-vessel-of-scion.pdf
    • http://www.gorillawalker.com/holiness-is-always-in-season.pdf
    • http://www.gorillawalker.com/prisoner-of-zion-muslims-mormons-and-other-misadventures.pdf
    • http://www.gorillawalker.com/typography-and-architecture-amsterdam-in-letters-hardcover.pdf
    • http://www.gorillawalker.com/commentary-on-the-twelve-prophets-fathers-of-the-church-vol.pdf
    • http://www.gorillawalker.com/residential-housing-interiors.pdf
    • http://www.gorillawalker.com/effects-of-increased-loudness-on-tongue-movements-during-speech-in.pdf
    • http://www.gorillawalker.com/fibromyalgia-stop-a-comprehensive-guide-on-fibromyalgia-causes-symptoms-treatments.pdf
    • http://www.gorillawalker.com/finding-walter.pdf
    • http://www.gorillawalker.com/vocabulary-flash-cards-for-the-new-naturalization-test-2009.pdf
    • http://www.gorillawalker.com/varney-s-midwifery.pdf
    • http://www.gorillawalker.com/fixing-frege-princeton-monographs-in-philosophy.pdf
    • http://www.gorillawalker.com/the-banjo-s-back-in-town-sa-t-b.pdf
    • http://www.gorillawalker.com/what-s-up-america.pdf
    • http://www.gorillawalker.com/how-to-read-a-north-carolina-beach-bubble-holes-barking.pdf
    • http://www.gorillawalker.com/pope-awesome-and-other-stories.pdf
    • http://www.gorillawalker.com/insurance-law-2007-top-lawyers-on-trends-and-key-strategies.pdf
    • http://www.gorillawalker.com/right-recovery-for-you.pdf
    XMP/RDF namespace URIs (schema identifiers extracted from the document's XMP metadata packet, not clickable link targets):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/