Malicious PDF — malware analysis report

Static analysis result for SHA-256 b05644ae5f6df65d…

MALICIOUS

PDF

44.0 KB
Created: 2018-12-14 20:04:29 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: 3a37f5523d41d15603367af57f00b2e5
SHA-1: 1ab1dddd92a5389f17d97f05ced30ce66664ed9f
SHA-256: b05644ae5f6df65d1516e6f626588a923cac0f76202790af0632c7b521e8ce5a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain www.gorillawalker.com. The heuristic that fired indicates a link farm, suggesting the document's primary purpose is to drive traffic to these external resources. The document body itself appears to be malformed or heavily obfuscated and provides no clear user-facing content; the embedded URLs are the primary indicators of malicious intent. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.