Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8b4b0edc69ff7b2…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-23 08:09:06 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: dfcdc91574b950dad1c6bddc4f8f9bad
SHA-1: acdd06c781d7b769213d556893274704581d10b5
SHA-256: b8b4b0edc69ff7b2e8c05ccf33c3333130d183227cfb86794c21a358319f659b
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. ClamAV detected this file as Pdf.Dropper.Agent-7216952-0, and an ML classifier also flagged it as malicious. No scripts were extracted, and the document body was heavily obfuscated, but the sheer volume of links suggests a malicious intent to redirect users.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (3)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7216952-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7216952-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/horrible-histories-gorgeous-georgians.pdf
    • http://www.gorillawalker.com/new-york-giants-nfl-s-greatest-teams.pdf
    • http://www.gorillawalker.com/minuet-and-trio-from-water-music-french-horn-solo-and.pdf
    • http://www.gorillawalker.com/mazurka-for-alto-saxophone-and-piano.pdf
    • http://www.gorillawalker.com/greek-classics-2nd-edition-teacher-s-guide-questions-for-the.pdf
    • http://www.gorillawalker.com/u-s-history-skillbook-with-writing-instruction-and-practice.pdf
    • http://www.gorillawalker.com/the-power-of-the-dark-side-creating-great-villains-dangerous.pdf
    • http://www.gorillawalker.com/judgment-great-news-or-dreaded-dilemma-kindle-edition.pdf
    • http://www.gorillawalker.com/fundamentalist-world-the-new-dark-age-of-dogma.pdf
    • http://www.gorillawalker.com/united-states-foreign-oil-policy-since-world-war-i-for.pdf
    • http://www.gorillawalker.com/up-yours.pdf
    • http://www.gorillawalker.com/designing-parts-with-solidworks.pdf
    • http://www.gorillawalker.com/101-things-to-do-in-tennessee-before-you-up-and.pdf
    • http://www.gorillawalker.com/collins-english-dictionary-kindle-edition.pdf
    • http://www.gorillawalker.com/bent-over-his-desk-hot-office-kink.pdf
    • http://www.gorillawalker.com/scots-irish-in-pennsylvania-kentucky-scots-irish-chronicles.pdf
    • http://www.gorillawalker.com/rediscovery-of-gnosticism.pdf
    • http://www.gorillawalker.com/cuffsy-wuffsy-volume-25.pdf
    • http://www.gorillawalker.com/color-influencing-form-a-color-coursebook.pdf
    • http://www.gorillawalker.com/hand-book-of-life-and-accident-insurance-on-the-mutual.pdf
    • http://www.gorillawalker.com/regresi.pdf
    • http://www.gorillawalker.com/principles-of-corrosion-engineering-and-corrosion-control.pdf
    • http://www.gorillawalker.com/the-pocket-guide-to-musicals.pdf
    • http://www.gorillawalker.com/complete-guitar-player-blues-ragtime-the-complete-guitar-player-series.pdf
    • http://www.gorillawalker.com/soldiers-in-fur-and-feathers-the-animals-that-served-in.pdf
    • http://www.gorillawalker.com/technic-is-fun-book-4-late-intermediate-hirschberg.pdf
    • http://www.gorillawalker.com/st-paul-versus-st-peter-a-tale-of-two-missions.pdf
    • http://www.gorillawalker.com/coal-21st-century-skills-library-power-up-kindle-edition.pdf
    • http://www.gorillawalker.com/michael-light-la-day-la-night.pdf
    • http://www.gorillawalker.com/tweening-the-girl-the-crystallization-of-the-tween-market-mediated.pdf
    • http://www.gorillawalker.com/mellie-s-submission-men-of-mckenna-downs-4-siren-publishing.pdf
    • http://www.gorillawalker.com/el-croquis-arquitectonico-the-architectural-drawings-spanish-edition.pdf
    • http://www.gorillawalker.com/counseling-persons-with-communication-disorders-and-their-families.pdf
    • http://www.gorillawalker.com/i-only-want-what-s-best-for-you-a-parent.pdf
    • http://www.gorillawalker.com/little-black-classics-trimalchio-s-feast.pdf
    • http://www.gorillawalker.com/photographic-atlas-of-practical-anatomy-ii-neck-head-back-chest.pdf
    • http://www.gorillawalker.com/can-omega-3-oils-stop-prostate-enlargement-helps-protect-your.pdf
    • http://www.gorillawalker.com/vimalakirti-nirdesa-sutra-the-clear-light-series.pdf
    • http://www.gorillawalker.com/charmfall-dark-elite-book-3.pdf
    • http://www.gorillawalker.com/growing-up-in-the-new-south-africa-childhood-and-adolescence.pdf
    • http://www.gorillawalker.com/the-power-o
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/