Malicious PDF — malware analysis report

Static analysis result for SHA-256 845b01ebe54cc02f…

MALICIOUS

PDF

Size: 34.6 KB
Created: 2020-01-17 19:19:45 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: 7cfb75c2c8308c5ca9166a1e79fed5d9
SHA-1: e3c878aef14bdf8dc15719a81e1b4b0230fa3c33
SHA-256: 845b01ebe54cc02f1a05f7fd6c2f75d096fc49ab9e02f9ad5aedaf82ee21b151
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to PDF files on the domain www.gorillawalker.com. This is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious files. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.