Malicious PDF — malware analysis report

Static analysis result for SHA-256 a7baf510d900f6d4…

Verdict: MALICIOUS
File type: PDF
Size: 33.3 KB
Created: 2020-01-17 19:19:21 +03:00
Authoring application: Word (via Mac OS X 10.10.5 Quartz PDFContext)
MD5: 8bd10e2d9c3dfa8765ba07baa8d7145a
SHA-1: f6c6d38e44932159bbad17c73fbb28774e3b422a
SHA-256: a7baf510d900f6d46880e8ca8fd3dea5cf0602cf8746b53a756772c06755a029
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on the large number of external links in this PDF, indicating a link farm. The embedded URLs all point to the same domain, www.gorillawalker.com, suggesting an attempt to manipulate search engine rankings or distribute content from a single source. No scripts were extracted, and the document body was not readable, which limits further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.