Malicious PDF — malware analysis report

Static analysis result for SHA-256 40b2286b060e85dc…

Verdict: MALICIOUS

File type: PDF

Size: 41.2 KB
Created: 2018-11-15 19:34:52 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.0.0 (Windows))
MD5: 6e30ef5020bd4692b86ef120051371e2
SHA-1: 588d1b84e3fc18e611bb0395abf610b5da3626fa
SHA-256: 40b2286b060e85dcc91185152cd0878d355ff84a948cb87e5c8e5a48e8ac6aeb
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, all hosted on the same domain (www.gorillawalker.com). This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of malicious documents. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/politics-in-mexico-the-democratic-consolidation.pdf
    • http://www.gorillawalker.com/the-chamberlain-calendar-of-american-cooking.pdf
    • http://www.gorillawalker.com/jeep-trails-to-colorado-ghost-towns.pdf
    • http://www.gorillawalker.com/aclu-gay-rights-newsletter-vol-2-5-july-1977.pdf
    • http://www.gorillawalker.com/cake-wrecks-2011-weekly-wall-calendar.pdf
    • http://www.gorillawalker.com/uncorked-the-science-of-champagne.pdf
    • http://www.gorillawalker.com/management-of-medical-technology-a-primer-for-clinical-engineers-materials.pdf
    • http://www.gorillawalker.com/always-jan-coming-home-to-brewster-book-4.pdf
    • http://www.gorillawalker.com/health-in-the-later-years-and-a-complete-manual-on.pdf
    • http://www.gorillawalker.com/some-explicit-polaroids-methuen-modern-plays.pdf
    • http://www.gorillawalker.com/chinese-business-vocabulary-in-a-hurry-a-brief-study-guide.pdf
    • http://www.gorillawalker.com/tennessee-alternative-dispute-resolution-handbook.pdf
    • http://www.gorillawalker.com/fundamentals-of-biochemistry-student-companion-life-at-the-molecular-level.pdf
    • http://www.gorillawalker.com/living-gluten-free-for-dummies-for-dummies.pdf
    • http://www.gorillawalker.com/the-abortion-debate-essential-viewpoints.pdf
    • http://www.gorillawalker.com/the-hand-of-the-past-in-contemporary-southern-politics.pdf
    • http://www.gorillawalker.com/english-in-common-1a-split-student-book-and-workbook-with.pdf
    • http://www.gorillawalker.com/simbiosys-pft-pulmonary-function-test-cd-rom-for-windows-individual.pdf
    • http://www.gorillawalker.com/bound-to-please-an-extraordinary-one-volume-literary-education.pdf
    • http://www.gorillawalker.com/tiny-rabbit-s-big-wish.pdf
    • http://www.gorillawalker.com/coins-coupons-and-combinations-the-number-system-investigations-in-number.pdf
    • http://www.gorillawalker.com/by-phil-hardy-the-encyclopedia-of-science-fiction-movies-1st.pdf
    • http://www.gorillawalker.com/gender-hurts-a-feminist-analysis-of-the-politics-of-transgenderism.pdf
    • http://www.gorillawalker.com/punctuate-capitalize-grade-3-practice-makes-perfect-teacher-created-materials.pdf
    • http://www.gorillawalker.com/critical-models-interventions-and-catchwords-european-perspectives-a-series-in.pdf
    • http://www.gorillawalker.com/go-vegan-know-the-secret-of-vegetarian-foods.pdf
    • http://www.gorillawalker.com/cuffed-stuffed-hucow-bdsm-group-erotica-kindle-edition.pdf
    • http://www.gorillawalker.com/woman-who-brings-the-rain-a-memoir-of-hokkaido-japan.pdf
    • http://www.gorillawalker.com/plumbing-design-and-installation-details.pdf
    • http://www.gorillawalker.com/viaje-a-trav-s-de-la-historia-de-la-danza.pdf
    • http://www.gorillawalker.com/organic-reaction-mechanisms-2004-organic-reaction-mechanisms-series.pdf
    • http://www.gorillawalker.com/lo-que-hacen-los-doctores-what-doctors-do-what-does.pdf
    • http://www.gorillawalker.com/miniature-pinschers-2016-calendar.pdf
    • http://www.gorillawalker.com/railways-and-trains-beginner-s-knowledge-series.pdf
    • http://www.gorillawalker.com/brian-moses-school-report-very-funny-poems-about-school-macmillan.pdf
    • http://www.gorillawalker.com/goya-el-ocaso-de-los-sue-os-spanish-edition.pdf
    • http://www.gorillawalker.com/christopher-marlowe-four-plays-tamburlaine-parts-one-and-two-the.pdf
    • http://www.gorillawalker.com/how-to-handle-conflict-and-manage-anger.pdf
    • http://www.gorillawalker.com/the-stone-flower-op118-piano-score-ballet-in-4-acts.pdf
    • http://www.gorillawalker.com/coquito-clasico-2014-edition-spanish-edition.pdf
    • http://www.gorillawalker.com
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/