Malicious PDF — malware analysis report

Static analysis result for SHA-256 48d4a66cb8c0b444…

Verdict: MALICIOUS
File type: PDF
Size: 45.0 KB
Created: 2018-11-26 20:03:20 +03:00
Authoring application: XEP 4.4 build 20050610
MD5: 48cc879e42787b3997520c250528b2a4
SHA-1: 9df87b3f8cf074855d8e1a341b0b058ff83220dd
SHA-256: 48d4a66cb8c0b4446b4a61dd1164ef719dbe45b1f8007f55d10ed3390b98aef2
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies this behavior. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure. The primary IOCs are the numerous URLs hosted on www.gorillawalker.com.

Heuristics (2)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.