Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2008e2b9233b6e8…

Verdict: MALICIOUS
File type: PDF
Size: 42.2 KB
Created: 2019-03-17 02:04:34 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.17)
MD5: 81d8c42a0f9ca03d6ee7f9b0b207b148
SHA-1: 07d88a0af5e6d80a7d950363eae8839dc0361dec
SHA-256: c2008e2b9233b6e8d8c5a658a0ee725ceeea2e1ede5b57ebe245793ab6599d6d
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to redirect users to potentially malicious content hosted on the `gorillawalker.com` domain. The ClamAV detection further supports its malicious nature. No scripts were extracted from this sample.

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Dropper.Agent-7186517-0
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7186517-0
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/what-will-the-weather-be-like-today.pdf
    • http://www.gorillawalker.com/nina-and-the-magical-carnival.pdf
    • http://www.gorillawalker.com/drive-a-tractor-board-book.pdf
    • http://www.gorillawalker.com/diamonds-of-the-north-a-concise-history-of-baseball-in.pdf
    • http://www.gorillawalker.com/distributed-objects-meaning-and-mattering-after-alfred-gell.pdf
    • http://www.gorillawalker.com/william-edwin-hall-boys-and-girls-clubs-1935-1950-mobilizing.pdf
    • http://www.gorillawalker.com/focused-fandom-cosplay-costuming-and-careers.pdf
    • http://www.gorillawalker.com/north-atlantic-ocean-south-america-suriname-paramaribo-and-approaches-to.pdf
    • http://www.gorillawalker.com/fodor-s-new-york-city-with-on-the-go-map.pdf
    • http://www.gorillawalker.com/landing-craft-infantry-and-fire-support-new-vanguard.pdf
    • http://www.gorillawalker.com/polymer-physics-a-molecular-approach.pdf
    • http://www.gorillawalker.com/acts-of-war-the-usurper-s-war-book-2.pdf
    • http://www.gorillawalker.com/the-ghost-and-the-dead-deb-haunted-bookshop-mystery.pdf
    • http://www.gorillawalker.com/the-resegregation-of-suburban-schools-a-hidden-crisis-in-american.pdf
    • http://www.gorillawalker.com/the-gray-fedora.pdf
    • http://www.gorillawalker.com/formguide-formf-cher-understand-design-terms-design-begriffe-begreifen-english.pdf
    • http://www.gorillawalker.com/cns-home-health-specialty-review-and-self-assessment-statpearls-review.pdf
    • http://www.gorillawalker.com/instruction-of-the-student-the-method-of-learning.pdf
    • http://www.gorillawalker.com/the-micro-doppler-effect-in-radar-with-dvd-artech-house.pdf
    • http://www.gorillawalker.com/the-pandora-curse.pdf
    • http://www.gorillawalker.com/best-of-guns-n-roses-bass-play-it-like-it.pdf
    • http://www.gorillawalker.com/the-h-book-everything-you-never-wanted-to-know-about.pdf
    • http://www.gorillawalker.com/common-pitfalls-in-sleep-medicine-case-based-learning.pdf
    • http://www.gorillawalker.com/where-serpents-lie.pdf
    • http://www.gorillawalker.com/unbarred-my-neo-hip-hop-soul.pdf
    • http://www.gorillawalker.com/gorgeous-for-good-a-simple-30-day-program-for-lasting.pdf
    • http://www.gorillawalker.com/abs-building-diet-kindle-edition.pdf
    • http://www.gorillawalker.com/project-mayhem-project-butterfly-series-book-2-kindle-edition.pdf
    • http://www.gorillawalker.com/there-s-no-mystery-to-the-bible.pdf
    • http://www.gorillawalker.com/hebrew-english-english-hebrew-dictionary-and-phrasebook-hippocrene-dictionary-and.pdf
    • http://www.gorillawalker.com/shafted-an-absorbing-suspenseful-erotic-thriller.pdf
    • http://www.gorillawalker.com/natural-prophets-from-health-foods-to-whole-foods-how-the.pdf
    • http://www.gorillawalker.com/dudley-s-gear-handbook.pdf
    • http://www.gorillawalker.com/freek-camp-freeks-series-1.pdf
    • http://www.gorillawalker.com/eu-security-governance.pdf
    • http://www.gorillawalker.com/biopolitics-political-psychology-and-international-politics.pdf
    • http://www.gorillawalker.com/softly-sweetly-tenderly.pdf
    • http://www.gorillawalker.com/tea.pdf
    • http://www.gorillawalker.com/life-battles-and-career-of-battling-nelson-lightweight-champion-of.pdf
    • http://www.gorillawalker.com/52-reasons-i-love-my-cat-why-i-think-cats.pdf
    • http://www.gorillawalker.com/north-atlantic-ocean-so
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/