Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e39e62f2eb8e69f…

MALICIOUS

PDF

44.1 KB
Created: 2019-03-18 02:06:56 +03:00
Authoring application: Adobe Acrobat 7.05 (via Adobe Acrobat 7.05 Paper Capture Plug-in)
MD5: 445ccebcce4d44c7259ed9e27bb4e666
SHA-1: 7af1042324033124af83705a2039474edb3f8922
SHA-256: 1e39e62f2eb8e69f5bf9ac3d9a77a6b395557ad340a63f65a137774f2ad9a1cf
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link

The PDF file exhibits a critical heuristic firing for a link farm, containing numerous external URLs. The primary purpose appears to be SEO manipulation or directing users to potentially malicious content hosted on the 'gorillawalker.com' domain. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.