Malicious PDF — malware analysis report

Static analysis result for SHA-256 4754ddee6b156698…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2020-01-17 19:19:03 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 8.5.1 (via Acrobat Distiller 3.01 for Power Macintosh)
MD5: 87eace020ee5aa490a7f8057cc37ddfd
SHA-1: 0b16eb8d7a0a5347074f8bf8c1ab5d524e7b4cea
SHA-256: 4754ddee6b156698db4a3b2ce8b11f2c8acdc37422cc9cfdd876b7f49c9d8468
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain www.gorillawalker.com. This is indicative of a link farm or SEO manipulation tactic. No scripts were extracted, and the document body was unreadable, limiting the ability to determine a more specific attack pattern or family. The primary IOCs are the numerous URLs pointing to external PDF files.

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.