Malicious PDF — malware analysis report

Static analysis result for SHA-256 44285ba711c7b318…

MALICIOUS

PDF

45.6 KB
Created: 2019-02-14 08:25:40 +03:00
Authoring application: TeX (via pdfTeX-1.40.9)
MD5: 4618efc4a08bf6a391203df9835909d7
SHA-1: f463f87af826680dbc35e26f8f163b95a5477a44
SHA-256: 44285ba711c7b3187b33a8ca2689d4323ea799e851bc1dabdabd228d6464f34a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious Link

The PDF heuristics that fired indicate a large number of embedded external links, suggesting a link farm or a distribution mechanism for other malicious content. The document body contains numerous URLs pointing to PDFs on www.gorillawalker.com, which are likely lures or part of an SEO spam campaign. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.