Malicious PDF — malware analysis report

Static analysis result for SHA-256 4dc939157a417c7d…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-12-15 20:04:42 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 7322dfd6eed670b3b87e3b5e8d39c5fa
SHA-1: c10ac96fddd87bd0fe8f6a4b759c6cbc69d44dc6
SHA-256: 4dc939157a417c7d32b30128731cd1fdd3188f10ecddf8dc40b9b66a3c329aaf
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links predominantly point to the domain www.gorillawalker.com and appear to be designed to lure users to click on them. The embedded URLs suggest a potential distribution mechanism for further malicious content or SEO manipulation. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.