Malicious PDF — malware analysis report

Static analysis result for SHA-256 d6a66acf8ce6b358…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-23 08:00:47 +03:00
Authoring application: Adobe Acrobat 7.0 (via Adobe Acrobat 7.0 Image Conversion Plug-in)
MD5: 9c168d48e6ee71fe6e67a940f39b235b
SHA-1: 77657fe7d036d1fcca10f7a49e4efada25214b66
SHA-256: d6a66acf8ce6b358e7bfaa2810fdc11f5c57c0293090139000d5d984d6c1d73d
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7309629-0 and a machine learning classifier indicated a high probability of maliciousness. The critical heuristic PDF_SEO_LINK_FARM indicates the document contains a large number of external links, all pointing to PDFs hosted on www.gorillawalker.com. This suggests the document's primary purpose is to act as a link farm, likely for SEO manipulation or to distribute further malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7309629-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7309629-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.