Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8c0ed2615e658c7…

MALICIOUS

PDF

  • Size: 32.5 KB
  • Created: 2019-09-15 17:18:10 +03:00
  • Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
  • MD5: e16b36584eb44c0807cbb48035ea5249
  • SHA-1: f2f06f1a9e06996eb8db9948d96c33d9e375e814
  • SHA-256: a8c0ed2615e658c7a1c9815bddabc0dca120cfb1de9aac86ba5e96ed60a320b3
  • Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file was detected as malicious by ClamAV and an ML classifier. Static analysis fired a critical heuristic for a PDF link farm: the file contains 32 external links to other PDF documents hosted on www.gorillawalker.com. The document body is heavily obfuscated and unreadable, but the large number of links suggests a lure to download further malicious content or to engage in SEO manipulation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8488

Heuristics (3)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7181774-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7181774-0
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.