Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f17de6e8fcbdd25…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2019-04-28 13:15:44 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.0.0 (Windows))
MD5: 432e25267dc8f238d6f8050ffae19e68
SHA-1: b2ce106edea97a1db3962f89c61529c3cc4b73e3
SHA-256: 9f17de6e8fcbdd252993ec83268f1a14f0350beeda5535743bc2c307560db738
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. No scripts were extracted, but the sheer volume of links suggests a coordinated effort to direct traffic or users to potentially harmful resources. The PDF structure itself contains no executable content; the heuristic that fired indicates malicious intent related to the embedded links.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.