Malicious PDF — malware analysis report

Static analysis result for SHA-256 58f0630cabc4e889…

MALICIOUS

PDF

45.4 KB
Created: 2019-03-16 09:18:59 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: 945cc582210c7fc91bd76d6f9623ef27
SHA-1: 2e38f812b83d682e74228ef9c36c13200b2395b4
SHA-256: 58f0630cabc4e889de0e3a3705cb3325745c523e9fb4382a8ee95a3613811b5b
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file contains a large number of embedded links to external PDF documents hosted on 'www.gorillawalker.com'. This behavior is indicative of a link farm or SEO manipulation tactic, often used to mask malicious intent or distribute further payloads. The heuristic 'SE_PASSWORD_ARCHIVE_LURE' suggests that the document might also be instructing the user to open a password-protected archive, which is a common method to bypass security scans.

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Password-protected archive handoff (severity: high, ID: SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.