Malicious PDF — malware analysis report

Static analysis result for SHA-256 835239bc6f416ff3…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2019-03-18 08:56:58 +03:00
Authoring application: - (via Acrobat Distiller 5.0 (Windows))
MD5: 7f37c825a791d64b234a7d9dacf43265
SHA-1: 092b8ef29e23787f66d5816b0817d333df12f2bf
SHA-256: 835239bc6f416ff3f47862a13b7eddce4f43db1bb608b5fbf4a4c0461513395e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on a large number of embedded external links in the PDF, all pointing to PDFs hosted on www.gorillawalker.com. This suggests a link farm or SEO manipulation tactic. The document body is heavily obfuscated and contains numerous URLs, reinforcing the link farm hypothesis. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.