Malicious PDF — malware analysis report

Static analysis result for SHA-256 2f0ed8a84054c553…

MALICIOUS

PDF

Size: 41.1 KB
Created: 2019-01-06 08:09:50 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
MD5: 96a1b3e256e84751a3823a2d3eade200
SHA-1: de1e671c6ca7d96a3433211ddf793394f836a26a
SHA-256: 2f0ed8a84054c553b761c53648827e75600ed3347a8949bd278ef2b39575ec94
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to PDF files on the domain www.gorillawalker.com. This is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. While no scripts were extracted, the sheer volume of links suggests malicious intent: to drive traffic or potentially to deliver further payloads disguised as legitimate documents.

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.