Malicious PDF — malware analysis report

Static analysis result for SHA-256 46fd5025b95d6961…

MALICIOUS

PDF

Size: 31.3 KB
Created: 2019-12-09 17:22:16 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: 45f7c89c1087df1ea9ece8524a5b5e26
SHA-1: c86e4049751ce53035b370aca195588baf7cc2e0
SHA-256: 46fd5025b95d6961788b444f25cc169a4a6540dee4253d75d0779f59e83fa2c9
Risk score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or as a distribution mechanism for further malicious content. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/lung-cancer-clinical-societal-and-governmental-challenges.pdf
    • http://www.gorillawalker.com/collins-cobuild-advanced-dictionary-of-english-chinese-edition.pdf
    • http://www.gorillawalker.com/toxic-venom-series-book-three.pdf
    • http://www.gorillawalker.com/facing-the-shadow-starting-sexual-and-relationship-recovery.pdf
    • http://www.gorillawalker.com/art-deco-textiles-the-french-designers.pdf
    • http://www.gorillawalker.com/emeralds-aren-t-forever-banning-island-romances-volume-3.pdf
    • http://www.gorillawalker.com/blessings-and-prayers-for-new-parents.pdf
    • http://www.gorillawalker.com/the-gunslinger-the-dark-tower-i-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/kanji-cards-vol-2-tuttle-flash-cards.pdf
    • http://www.gorillawalker.com/100-words-kids-need-to-read-by-3rd-grade-100.pdf
    • http://www.gorillawalker.com/handbook-of-functional-mri-data-analysis.pdf
    • http://www.gorillawalker.com/the-teamster-the-crossing-hour-1-5.pdf
    • http://www.gorillawalker.com/australian-travelers-backpacking-guide-the-most-comprehensive-directory-of-hostels.pdf
    • http://www.gorillawalker.com/calculo-cientifico-con-maple-lenguaje-de-programacion-spanish-edition.pdf
    • http://www.gorillawalker.com/comparative-biomechanics-life-s-physical-world.pdf
    • http://www.gorillawalker.com/how-to-report-statistics-in-medicine-annotated-guidelines-for-authors.pdf
    • http://www.gorillawalker.com/felix-feneon-aesthete-and-anarchist-in-fin-de-siecle-paris.pdf
    • http://www.gorillawalker.com/the-goddess-and-the-american-girl-the-story-of-suzanne.pdf
    • http://www.gorillawalker.com/playing-1-e4-caro-kann-1-e5-minor-lines-grandmaster.pdf
    • http://www.gorillawalker.com/pharmprep-ashp-s-naplex-review-ginsburg-ashp-s-pharmprep.pdf
    • http://www.gorillawalker.com/pablo-de-tarso-apostol-o-hereje-historia-incognita-unknown-history.pdf
    • http://www.gorillawalker.com/hospitality-manager-s-guide-to-wines-beers-and-spirits-2nd.pdf
    • http://www.gorillawalker.com/our-rules-rising-readers.pdf
    • http://www.gorillawalker.com/clymer-kawasaki-zx6-ninja-1990-1997-service-repair-maintenance.pdf
    • http://www.gorillawalker.com/dong-xoai-vietnam-1965-joe-kubert-library.pdf
    • http://www.gorillawalker.com/feet-of-clay.pdf
    • http://www.gorillawalker.com/the-hill.pdf
    • http://www.gorillawalker.com/semiconductor-reference-handbook-1976.pdf
    • http://www.gorillawalker.com/cronkite-s-war-his-world-war-ii-letters-home.pdf
    • http://www.gorillawalker.com/x-ray-crystallography.pdf
    • http://www.gorillawalker.com/how-to-write-a-great-school-report.pdf
    • http://www.gorillawalker.com/advances-in-metal-carbene-chemistry-nato-science-series-c.pdf
    • http://www.gorillawalker.com/teaching-exceptional-children.pdf
    • http://www.gorillawalker.com/introductory-mems-fabrication-and-applications.pdf
    • http://www.gorillawalker.com/reasonable-doubts-the-o-j-simpson-case-and-the-criminal.pdf
    • http://www.gorillawalker.com/los-instrumentos-musicales-aborigenes-y-criollos-de-la-argentina-con.pdf
    • http://www.gorillawalker.com/mariner-s-atlas-the-florida-gulf-coast-and-the-florida.pdf
    • http://www.gorillawalker.com/the-techniques-of-motor-racing.pdf
    • http://www.gorillawalker.com/manufacturing-taxes-and-the-longest-economic-expansion-in-modern-u.pdf
    • http://www.gorillawalker.com/the-hunter-s-cookbook-or-how-ta-cook-them-thar.pdf
    • http://www.gorillawalker.com/how-to-report-statistics-in-medicine-annotated-guidelines-f
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/