Malicious PDF — malware analysis report

Static analysis result for SHA-256 daa72e73ecc81f2c…

MALICIOUS

PDF

Size: 39.4 KB
Created: 2019-04-08 22:39:30 +03:00
Authoring application: AH XSL Formatter V6.1 MR6 for Windows (x64) : 6.1.11.18624 (via Antenna House PDF Output Library 6.1.610 (Windows (x64)))
MD5: 3bf4387bf6c28b671e820832c77eb2b0
SHA-1: efccf14f75932b362813b91129301650fe774b1d
SHA-256: daa72e73ecc81f2cd415585ffd88f4aa737153b36452f9d14dedebbe0a081d80
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF_SEO_LINK_FARM heuristic indicates that the PDF contains a large number of external links, which suggests a link farm or SEO manipulation tactic. ClamAV's detection of the file as Pdf.Dropper.Agent-7100167-0 further confirms that it is malicious. The embedded URLs point to various PDF files hosted on the same domain, likely serving as lures or as part of a larger distribution scheme.

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7100167-0 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7100167-0
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.