Malicious PDF — malware analysis report

Static analysis result for SHA-256 9303ff8972332a30…

MALICIOUS

PDF

Size: 41.2 KB
Created: 2018-12-15 20:00:34 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: 83551ae0208ffb0f172bf15ec2def3d9
SHA-1: 7e989fb76fa9609e9ba5245c0a6d533a826971f1
SHA-256: 9303ff8972332a308df9461c02c1b3601ac21fe2abbaee375cad360f65f53c3a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF triggers a critical link-farm heuristic: it contains 32 external links to PDF documents hosted on www.gorillawalker.com. The document body also contains numerous embedded URLs pointing to similar PDF files. This suggests an intent either to manipulate search engine rankings or to distribute further malicious content through these links.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.