Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6706250331dcbd0…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2019-02-13 20:37:16 +03:00
Authoring application: Adobe InDesign CS (3.0) (via Adobe PDF Library 6.0)
MD5: 5a500940c63748f75b8abb1abba795e8
SHA-1: c77d78931eabdd839cf7c66db4ab1ab9808bd2d6
SHA-256: b6706250331dcbd026effd263929d07d861860656b8be34367490270e683c085
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file triggers a critical link-farm heuristic: it contains 32 external links, the majority of which point to PDF files hosted on www.gorillawalker.com. This suggests a potential SEO poisoning or content distribution attack, where the document serves as a lure to redirect users to other malicious or compromised resources. No scripts were extracted, and the document body was unreadable.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.