Malicious PDF — malware analysis report

Static analysis result for SHA-256 47230f1811186d2e…

MALICIOUS

PDF

Size: 47.2 KB
Created: 2018-11-14 08:37:19 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5.1) (via Adobe PDF Library 9.9)
MD5: 41da37f03d8e60a92f2b761c3d4571cc
SHA-1: e0b3edd96d77f2ab4ad3db232afea45cd52d2471
SHA-256: 47230f1811186d2ec066fe09cf739b9489c4f1997d3e0f7ef56c032064ef9b40
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file triggers the PDF_SEO_LINK_FARM heuristic, which indicates a large number of external links. The document body and the extracted URLs confirm this: they form a link farm pointing to various PDF files on the domain www.gorillawalker.com. This suggests a tactic to drive traffic or potentially to distribute further malicious content through the linked PDFs.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.