Malicious PDF — malware analysis report

Static analysis result for SHA-256 b26b8a81c6155ace…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-02-15 09:00:25 +03:00
Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0 (Windows))
MD5: 0a6375a67a359c655c378ba029ae1776
SHA-1: 04622c10bc2bf53aa6aed144bfdaca1ea78d789f
SHA-256: b26b8a81c6155acec14df444e647a8de7fda3b6e83782accaccc885c96152c76
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by multiple heuristics, including a critical 'PDF_SEO_LINK_FARM' alert and a ClamAV detection as 'Pdf.Dropper.Agent-7139767-0'. The document contains a large number of embedded URLs pointing to external PDF files hosted on www.gorillawalker.com. While no scripts were extracted, the structure and the sheer volume of links suggest malicious intent, possibly to distribute further malware or to engage in SEO manipulation. The ML classifier also gave a high-confidence malicious score.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7139767-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7139767-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.