Malicious PDF — malware analysis report

Static analysis result for SHA-256 4071c7dc83359f7d…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-12-02 10:55:59 +03:00
Authoring application: AH XSL Formatter V6.1 MR6 for Windows (x64) : 6.1.11.18624 (via Antenna House PDF Output Library 6.1.610 (Windows (x64)))
MD5: 4d8c654028d5c54189f9380ec94e814e
SHA-1: 12a29018665e10709fec584806b7f19eadb81a52
SHA-256: 4071c7dc83359f7d2eef35e2cfcd0016335e663c7d8265fafeedb43996537618
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file exhibits a PDF_SEO_LINK_FARM heuristic, indicating it contains a large number of external links. These links predominantly point to PDF files on the domain www.gorillawalker.com. The purpose appears to be SEO manipulation or potentially distributing further malicious content through these linked PDFs. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of intent.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.