Malicious PDF — malware analysis report

Static analysis result for SHA-256 8daa4bed64724557…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2020-02-21 02:00:34 +03:00
Authoring application: ABBYY FineReader 8.0 Professional Edition
MD5: 7d5a40f1dfc0450f3b4181c84f1058f3
SHA-1: a42879f8d794bab2bef0f92b0540981bdb5488e6
SHA-256: 8daa4bed64724557d1cc0e38db57a19044577421fbe1dd926567adf3df159c4f
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the domain 'www.gorillawalker.com'. The heuristic that fired on this pattern suggests the document is part of a link farm, potentially for SEO manipulation or to distribute further malicious content. No scripts were extracted, and the document body was heavily obfuscated, which limited further analysis of the exact user-facing lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.