Malicious PDF — malware analysis report

Static analysis result for SHA-256 8cb25ddfbffd826e…

MALICIOUS

PDF

42.4 KB
Created: 2018-11-30 20:24:54 +03:00
Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
MD5: 5fc1892857b0ea55882ae5477e5ee34e
SHA-1: 7940161de9950d8d8172d1ad0ecb2c36da92adea
SHA-256: 8cb25ddfbffd826ec09f207a27af5abf79337071fcd0fb08fd3da2e9fe219c72
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malware. ClamAV detection as 'Pdf.Dropper.Agent-7281009-0' further supports the malicious nature of this file. No scripts were extracted, and the document body was not sufficiently readable to determine a specific lure.

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7281009-0 (critical; CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7281009-0
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.