Malicious PDF — malware analysis report

Static analysis result for SHA-256 9a2fe05b83856e5e…

MALICIOUS

PDF

File size: 35.4 KB
Created: 2020-02-19 11:19:37 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: 4526e0ec473320b7e8ab41d38b5ef2df
SHA-1: 457ae0db9605df895b11483c62c4707f6ebad370
SHA-256: 9a2fe05b83856e5ee208471b5559c3804a23854184d24a38a508d0979ef9fb0b
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file exhibits a critical heuristic firing for a PDF SEO link farm, containing 32 external links predominantly pointing to the domain www.gorillawalker.com. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine results or distribute further malicious content. The document body is heavily obfuscated and unreadable, providing no direct clues to its intent beyond the link farm heuristic.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, id: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, id: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.