Malicious PDF — malware analysis report

Static analysis result for SHA-256 8b642a6cc130ac61…

MALICIOUS

PDF

43.6 KB
Created: 2018-12-15 20:01:18 +03:00
Authoring application: dvips(k) 5.96 Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.57)
MD5: 611a4a1ae7d1c0f76015e35335c6997d
SHA-1: 08b9b9075664235428a91bf4a6fefabc32600792
SHA-256: 8b642a6cc130ac616ea8daab5561d5669cf9f482086d1a48676c9ecb59fa9910
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

A heuristic fired on this PDF for a large external link farm that points to numerous URLs hosted on www.gorillawalker.com. The document body is heavily obfuscated and unreadable, which prevents a clear determination of its specific lure. However, the sheer volume of external links suggests malicious intent, possibly SEO manipulation or redirection of users to malicious sites. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.