Malicious PDF — malware analysis report

Static analysis result for SHA-256 d974ee8a56f55ec0…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2019-03-18 01:29:55 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
MD5: 55a8e524e89dc554bcd46d495fc719ad
SHA-1: 8b5406fd84139dc86600aad3a6c56c1b3dc8932f
SHA-256: d974ee8a56f55ec040972fbe88b7f87851a4dabf2ef2144cb2df5ff74eb3c179
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to external PDF files, all hosted on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ClamAV heuristic also flags this as a Pdf.Dropper.Agent, suggesting it's designed to drop or redirect to other malicious content. No scripts were extracted, and the document body was truncated, limiting further analysis of the specific payload.

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7151035-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7151035-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.