Malicious PDF — malware analysis report

Static analysis result for SHA-256 760c7b2135bf8bd9…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-30 20:24:05 +03:00
Authoring application: Writer (via OpenOffice.org 3.2)
MD5: 4ddb5d0ecc4036a47587b13ad6964ecf
SHA-1: d51cb71d8d1e9a84b841320d0ccb05b5f5d76689
SHA-256: 760c7b2135bf8bd98fe085ec06df7e763ccfad4150e615f4b9d18f13e8a30131
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file triggered a heuristic for a large number of external links, specifically links pointing to PDF files hosted on www.gorillawalker.com. While no scripts were extracted, the sheer volume of links suggests a link farm or a method to distribute further malicious content. The embedded URLs are the primary indicators of malicious activity.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.