Malicious PDF — malware analysis report

Static analysis result for SHA-256 4a4559f8d1c20ea6…

Verdict: MALICIOUS
File type: PDF
Size: 42.8 KB
Created: 2018-11-15 19:36:25 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 56840ebd6274c3acf5ea19a2d82422c4
SHA-1: e5b5443d17677d854891fec3b3c83a68554d974d
SHA-256: 4a4559f8d1c20ea6ad9c9464c2b3ee543a568c9b2145fc7f029b15a6ee72b372
Risk Score: 68

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com. This behavior is indicative of a PDF SEO link farm, a technique often used to manipulate search engine rankings or to distribute malicious content. The heuristic PDF_SEO_LINK_FARM specifically identified this pattern. While no scripts were extracted, the sheer volume of links suggests a malicious intent to redirect users to potentially harmful content.

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.