Malicious PDF — malware analysis report

Static analysis result for SHA-256 830a7c64649f74b6…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2019-02-12 12:53:43 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 30c2e536e5d2ea976453c024fd1fb812
SHA-1: 6461d21cbf5d0720f43de2c83f0062ed685e0861
SHA-256: 830a7c64649f74b620085bac3378c311be56ad4ab94a21155db311d4d8f06272
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This pattern is characteristic of a link farm, a technique used for SEO manipulation or to route users to a variety of content, potentially including malicious payloads. The ClamAV detection and the ML classifier score further support the malicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7139617-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7139617-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.