Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8dcc8d0adb175e5…

MALICIOUS

PDF

43.4 KB
Created: 2018-11-23 21:00:58 +03:00
Authoring application: AH XSL Formatter V6.1 MR5a for Windows (x64) : 6.1.10.15867 (via Antenna House PDF Output Library 6.1.472 (Windows (x64)))
MD5: 622210779b5835b73f0cb15bb28f862f
SHA-1: ff7900de947044d4357dfd5aaf7114a22242ebb5
SHA-256: a8dcc8d0adb175e53c1664a531c528d430da135edb53d56f14287f273412b9c4
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF documents hosted on www.gorillawalker.com. This suggests a link farm or SEO manipulation tactic. The embedded URLs are likely intended to redirect users to malicious content or phishing pages. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.