Malicious PDF — malware analysis report

Static analysis result for SHA-256 b5ccf107d9cc3447…

MALICIOUS

PDF

File size: 44.2 KB
Created: 2018-11-30 20:58:52 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 3ad2218cda0eebf35059c8fac5ff8a5b
SHA-1: 79bf517efdc46859b532da54e94e3fff0c6b0204
SHA-256: b5ccf107d9cc34470fe0b769fad84f36d97505745898b18733385730246f955f
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a significant number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the domain www.gorillawalker.com. The sheer volume and nature of these links suggest an attempt to manipulate search engine results or to distribute a large number of potentially malicious or unwanted documents. No scripts were extracted, and the document body contained mostly binary data, making it difficult to ascertain a more specific user-facing lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.