Malicious PDF — malware analysis report

Static analysis result for SHA-256 a833d5c730b1abcf…

MALICIOUS

PDF

Size: 36.3 KB
Created: 2018-11-14 21:48:04 +03:00
Authoring application: Adobe InDesign CC 2015 (Macintosh) (via Adobe PDF Library 15.0)
MD5: fedc41d6d30bda2a9575815b065c1c24
SHA-1: e749af52d3b74baf6a51e04105af1096caa33abf
SHA-256: a833d5c730b1abcf24442b557c0c242556bbdbeb98be0cda872f8162c6247aed
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a large number of embedded external links, primarily pointing to other PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm or a lure to a large collection of potentially malicious or spam content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond the link farm.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.