Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6ddad177ca90381…

MALICIOUS

PDF

42.0 KB
Created: 2018-11-14 08:43:56 +03:00
Authoring application: calibre 0.9.2 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 4728384b939e2f2826892d44e7d11bd7
SHA-1: 2cb162e3278fd72a5b5802dfc0bcb7b03383d4c7
SHA-256: a6ddad177ca903818f7fda99a897e70af8b28b309efcccd97363315f3cbbb6f0
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. The document body itself is heavily obfuscated and does not provide clear textual lures. The primary function appears to be directing users to a multitude of websites hosted on www.gorillawalker.com, likely for SEO spam or to serve further malicious content.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.