Malicious PDF — malware analysis report

Static analysis result for SHA-256 aee9eebf83e0058c…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2018-11-23 21:09:08 +03:00
Authoring application: Adobe InDesign CC 2015 (Windows) (via Adobe PDF Library 15.0)
MD5: a9a4b5870a0e5e2cc27d3d605eda604e
SHA-1: fc06680017599cf08f35063e150dc5aedf44761d
SHA-256: aee9eebf83e0058c99933c5c048be99944fd85555be0aed1506f41ca576f18f1
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7293171-0 and by a machine learning classifier. Static analysis also fired the critical heuristic PDF_SEO_LINK_FARM, which indicates numerous external links in the document. The links, all pointing to PDFs on www.gorillawalker.com, suggest a coordinated effort to distribute content or manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7293171-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7293171-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.