Malicious PDF — malware analysis report

Static analysis result for SHA-256 3fb052eab50769cb…

MALICIOUS

PDF

Size: 40.7 KB
Created: 2019-04-07 18:03:35 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 4f00aba9586efe99d27a4e5f6f0b6500
SHA-1: 744086268862dd40823e6e6d82c70c60e4b9f62c
SHA-256: 3fb052eab50769cbc94c7125ec9797bd4f2f8ab3492868d2f63a999d52599a6f
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file triggers a critical heuristic for a PDF SEO link farm and contains 32 external links. The document body is heavily obfuscated and unreadable, but the embedded URLs point to various PDF documents hosted on www.gorillawalker.com. This suggests an attempt to manipulate search engine results or to distribute further malicious content through these links, possibly as part of a phishing or malware distribution campaign.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.