Malicious PDF — malware analysis report

Static analysis result for SHA-256 a9daedf83bfe3d0f…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-12-14 20:38:37 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.4)
MD5: 604cea822f3edb9dab5eaf67ec7e6c26
SHA-1: 9ad5ef567f133e06f2047362b3f8357796401ecd
SHA-256: a9daedf83bfe3d0fc2f9ff5a60b822c0e6608324ff3755f8f5c519defb7f92be
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.