Malicious PDF — malware analysis report

Static analysis result for SHA-256 58552573efe85375…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-15 18:31:58 +03:00
Authoring application: - (via ABBYY FineReader 9.0 Sprint)
MD5: 8b6a6f27a6b695c6835ab8bbba857406
SHA-1: 4fe612fac3727c0a4e885bb3064347d2822702ec
SHA-256: 58552573efe85375ccd66059ce7d05c1a45d5e6f3909ed52cf2d2206f4d37d38
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF triggers the PDF_SEO_LINK_FARM heuristic, indicating that it contains a large number of external links. The document body is heavily obfuscated and unreadable, but the embedded URLs point to a variety of PDF files on the domain www.gorillawalker.com. This suggests the document's primary purpose is to act as a link farm, potentially for SEO manipulation or to distribute other malicious content indirectly.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.