Malicious PDF — malware analysis report

Static analysis result for SHA-256 a204b15828b186ae…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-11-26 20:10:03 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: 858ad17cc1d95e4186de5acb711347d2
SHA-1: 3702cd654b9d1df601c3f1ee02ef3728a9271ad4
SHA-256: a204b15828b186aec379d4129c4355b3bedc101dda500c398d245e9d2a400fed
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on the large number of external PDF links in this PDF file, which indicates a link farm. The document body, though heavily obfuscated, contains numerous URLs pointing to PDF files hosted on www.gorillawalker.com. This suggests that the file's primary purpose is to direct users to a large collection of external documents, potentially for SEO manipulation or as a distribution point for further malicious content.

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.