Malicious PDF — malware analysis report

Static analysis result for SHA-256 9271cab578378113…

Verdict: MALICIOUS
File type: PDF
Size: 33.4 KB
Created: 2020-02-19 09:57:37 +03:00
Authoring application: Acrobat PDFMaker 9.1 для Word (via Adobe PDF Library 9.0)
MD5: 8fd04e5f6f651ffe816412f408de798b
SHA-1: f226a3cc4b8583723f1be6a5d901f800f9853b10
SHA-256: 9271cab57837811330e1f3d8ad29ea7580d2fa48181a425ade0ea8185fa685c5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file triggers a critical heuristic, PDF_SEO_LINK_FARM, indicating a large number of external links. The embedded URLs, all pointing to www.gorillawalker.com, suggest a link-farming or SEO-manipulation tactic. Although no scripts were extracted, the sheer volume of links points to an attempt to artificially inflate search-engine rankings, or potentially to use the document as a distribution point for further malicious content. The document body is heavily obfuscated and unreadable.

Heuristics (2)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-muses-meridian-crossing-aesthetics.pdf
    • http://www.gorillawalker.com/beagles-calendar-2016-wall-calendars-dog-calendars-monthly-wall-calendar.pdf
    • http://www.gorillawalker.com/the-penguin-book-of-cliches-penguin-reference-books.pdf
    • http://www.gorillawalker.com/clinic-of-traditional-chinese-medicine-i-english-chinese.pdf
    • http://www.gorillawalker.com/practical-guidelines-for-cystic-fibrosis-care.pdf
    • http://www.gorillawalker.com/a-day-at-school.pdf
    • http://www.gorillawalker.com/karma-and-reincarnation-the-wisdom-of-yogananda-volume-2-v.pdf
    • http://www.gorillawalker.com/covent-garden-operas-mozart-the-magic-flute.pdf
    • http://www.gorillawalker.com/building-honda-k-series-engine-performance-cartech.pdf
    • http://www.gorillawalker.com/investigating-gender.pdf
    • http://www.gorillawalker.com/precalculus-mathematics-in-a-nutshell-geometry-algebra-trigonometry.pdf
    • http://www.gorillawalker.com/the-guinness-book-of-mindbenders.pdf
    • http://www.gorillawalker.com/giving-circles-philanthropy-voluntary-association-and-democracy-philanthropic-and-nonprofit.pdf
    • http://www.gorillawalker.com/the-good-beer-guide-to-new-york-where-to-find.pdf
    • http://www.gorillawalker.com/g-f-m-ller-and-the-imperial-russian-academy.pdf
    • http://www.gorillawalker.com/her-two-doms.pdf
    • http://www.gorillawalker.com/we-love-each-other-but-simple-secrets-to-strengthen-your.pdf
    • http://www.gorillawalker.com/the-crystal-mountain-empyrean-odyssey-book-iii-the-empryean-odyssey.pdf
    • http://www.gorillawalker.com/archie-s-caravan.pdf
    • http://www.gorillawalker.com/the-golden-lotus-volume-1-jin-ping-mei-tuttle-classics.pdf
    • http://www.gorillawalker.com/from-gobbledygook-to-clearly-written-annual-iep-goals-07-by.pdf
    • http://www.gorillawalker.com/movement-for-period-plays.pdf
    • http://www.gorillawalker.com/lysosomes-and-lysosomal-diseases-volume-126-methods-in-cell-biology.pdf
    • http://www.gorillawalker.com/dealing-with-a-depressed-person-coping-with-someone-with-depression.pdf
    • http://www.gorillawalker.com/whimsy-s-heavy-things.pdf
    • http://www.gorillawalker.com/the-red-badge-of-courage-saddleback-s-illustrated-classics.pdf
    • http://www.gorillawalker.com/alfred-solos-for-young-violinists-violin-part-and-accompaniment-vol.pdf
    • http://www.gorillawalker.com/the-cobad-syndrome-new-hope-for-people-suffering-from-the.pdf
    • http://www.gorillawalker.com/coming-webster-s-specialty-crossword-puzzles-volume-3-the-expert.pdf
    • http://www.gorillawalker.com/her-bisexual-policemen.pdf
    • http://www.gorillawalker.com/supply-chain-management-strategy-planning-and-operation.pdf
    • http://www.gorillawalker.com/i-what-is-literature-i.pdf
    • http://www.gorillawalker.com/math-triumphs-foundations-for-algebra-2-level-3-merrill-algebra.pdf
    • http://www.gorillawalker.com/master-dogen-s-shobogenzo-book-2.pdf
    • http://www.gorillawalker.com/fashion-designers-celebrity-secrets.pdf
    • http://www.gorillawalker.com/spectrum-algebra-workbook-grades-6-8.pdf
    • http://www.gorillawalker.com/glory-to-god-music-copy.pdf
    • http://www.gorillawalker.com/wood-whiskey-and-wine-a-history-of-barrels.pdf
    • http://www.gorillawalker.com/compendium-edition-clinical-application-of-counterstrain.pdf
    • http://www.gorillawalker.com/concerto-grosso-full-score.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/