Malicious PDF — malware analysis report

Static analysis result for SHA-256 213d29694b2baadd…

MALICIOUS

PDF

42.7 KB
Created: 2018-11-26 20:06:07 +03:00
Authoring application: tFPDF 1.03
MD5: 7ac605ef6a5c99b72b6e365baf28fd3f
SHA-1: 913b1d3908cccfde4b801650253bcc9b65050cc5
SHA-256: 213d29694b2baadda0bfd6d4e9ac31416b7d0969966edc7c1662d3b4d248b572
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the domain www.gorillawalker.com. This pattern is indicative of SEO manipulation or a link farm designed to distribute potentially malicious content or drive traffic. No scripts were extracted, and the document body was not parsable, limiting further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.