Malicious PDF — malware analysis report

Static analysis result for SHA-256 9cfcba2016baffe2…

Verdict: MALICIOUS
File type: PDF
Size: 42.8 KB
Created: 2018-11-23 20:30:08 +03:00
Authoring application: LaTeX with hyperref and pdfscreen (via Mac OS X 10.5.7 Quartz PDFContext)
MD5: 6beeb5f890637fd811d10c1fdddcaed6
SHA-1: e8346dc8c1c34e4646bd50e3f26b3b3e221adeee
SHA-256: 9cfcba2016baffe27e03502a97def74a4f114accc2ba980ed1fd48d55b281f1b
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF triggers a link-farm heuristic, indicating a large number of embedded external URLs. The document body is heavily obfuscated and unreadable, but the presence of numerous links to PDFs on 'gorillawalker.com' suggests a tactic to manipulate search engine results or to distribute further malicious content disguised as legitimate documents. No scripts were extracted from this sample.

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/complete-directory-for-people-with-disabilities.pdf
    • http://www.gorillawalker.com/haydn-s-oratorio-the-creation-arranged-from-the-full-score.pdf
    • http://www.gorillawalker.com/structured-exercises-in-wellness-promotion-vol-003.pdf
    • http://www.gorillawalker.com/cady-books-potential-to-stimulate-the-training-1-2-years.pdf
    • http://www.gorillawalker.com/corinthians-1-and-2-enhanced-e-book-edition-illustrated-includes.pdf
    • http://www.gorillawalker.com/animal-house-when-objects-have-animals-names-permanent-collection-of.pdf
    • http://www.gorillawalker.com/by-trends-international-how-to-train-your-dragon-2-2015.pdf
    • http://www.gorillawalker.com/spiritual-care-a-guide-for-caregivers.pdf
    • http://www.gorillawalker.com/spanish-verbs-the-art-of-conjugation-learn-spanish-4-life.pdf
    • http://www.gorillawalker.com/net-4-5-parallel-extensions-cookbook.pdf
    • http://www.gorillawalker.com/mcgraw-hill-s-real-estate-law-for-paralegals.pdf
    • http://www.gorillawalker.com/law-of-employment-discrimination-cases-and-materials-2008-case-supplement.pdf
    • http://www.gorillawalker.com/reinsurance-management-a-practical-guide-practical-insurance-guides.pdf
    • http://www.gorillawalker.com/michelangelo-the-sistine-chapel-ceiling-rome-great-fresco-cycles-of.pdf
    • http://www.gorillawalker.com/pro-engine-blueprinting-motorbooks-workshop.pdf
    • http://www.gorillawalker.com/physicians-cancer-chemotherapy-drug-manual-2014-jones-and-bartlett-series.pdf
    • http://www.gorillawalker.com/barnyard-bliss.pdf
    • http://www.gorillawalker.com/from-jerusalem-to-the-lion-of-judah-and-beyond-israel.pdf
    • http://www.gorillawalker.com/gadfly-in-russia.pdf
    • http://www.gorillawalker.com/the-pinch-market-square-brinkley-park-neighborhood-story-and-a.pdf
    • http://www.gorillawalker.com/logbuch-israel.pdf
    • http://www.gorillawalker.com/how-to-play-from-a-fake-book-keyboard-edition.pdf
    • http://www.gorillawalker.com/james-watt-chemist-understanding-the-origins-of-the-steam-age.pdf
    • http://www.gorillawalker.com/roark-s-formulas-for-stress-and-strain-8th-edition.pdf
    • http://www.gorillawalker.com/war-department-technical-manual-ordnance-maintenance-binoculars-field-glasses-and.pdf
    • http://www.gorillawalker.com/the-story-of-europe.pdf
    • http://www.gorillawalker.com/diagraming-sentences.pdf
    • http://www.gorillawalker.com/modern-china-a-very-short-introduction-very-short-introductions.pdf
    • http://www.gorillawalker.com/random-signals-and-noise-a-mathematical-introduction.pdf
    • http://www.gorillawalker.com/sharh-al-mu-allaqat-al-sab-a-lil-tabrizi-arab.pdf
    • http://www.gorillawalker.com/ed-emberley-s-big-purple-drawing-book.pdf
    • http://www.gorillawalker.com/the-philosophy-of-conspiracy-theories.pdf
    • http://www.gorillawalker.com/london-and-the-culture-of-homosexuality-1885-1914-cambridge-studies.pdf
    • http://www.gorillawalker.com/transistor-dictionary-bipolar-transistors.pdf
    • http://www.gorillawalker.com/public-management-and-governance.pdf
    • http://www.gorillawalker.com/people-s-participation-in-family-planning.pdf
    • http://www.gorillawalker.com/san-francisco-ballet-at-seventy-five.pdf
    • http://www.gorillawalker.com/instant-e-commerce-with-opencart-build-a-shop.pdf
    • http://www.gorillawalker.com/the-little-seagull-handbook-second-edition.pdf
    • http://www.gorillawalker.com/water-buffalo-days-growing-up-in-vietnam.pdf
    • http://www.gorillawalker.com/corinthians-1-and-2-enhanced-e-book-edition-il
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/