Malicious PDF — malware analysis report

Static analysis result for SHA-256 bb1288cbf2b0a781…

MALICIOUS

PDF

Size: 35.2 KB
Created: 2019-07-20 19:51:31 +03:00
Authoring application: Adobe Acrobat Pro 10.0.0 (via ESP Ghostscript 7.07)
MD5: 3e2612482c651c20c736fd733c54cfdd
SHA-1: 59bfb0dec5dfd21d260afd8f304e499eb324a358
SHA-256: bb1288cbf2b0a781f7268ed544a7d7f376c7dc75c9a2cef1217cf94c2d8f7971
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was detected as a dropper by ClamAV and exhibits a large number of external links, indicating a likely SEO manipulation or content distribution scheme. The embedded URLs point to various PDF documents hosted on www.gorillawalker.com, suggesting a link farm or a method to redirect users to potentially malicious content. No scripts were extracted from this sample.

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7102549-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7102549-0
  • Embedded URL info (rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.