Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad1cc26d7e819954…

MALICIOUS

PDF

43.4 KB
Created: 2018-12-14 20:05:31 +03:00
Authoring application: AH Formatter V5.3 MR1 for Windows (via Acrobat Distiller 8.1.0 (Windows))
MD5: 7d14d220352ce9d6d75614c5a0bd6dd1
SHA-1: f77ea72535f0e7c30298b930342dbb700864af38
SHA-256: ad1cc26d7e819954e4efd4fbae0131d067de28033e626b64cede02455e164c89
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell

The PDF triggered the 'PDF_SEO_LINK_FARM' heuristic, which indicates a large number of embedded external links. The majority of these links point to PDF files hosted on 'gorillawalker.com'. This suggests the document is likely part of a link farm or SEO poisoning campaign, potentially designed to distribute malicious content or manipulate search engine results. No scripts were extracted, and the document body was unreadable.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.