Malicious PDF — malware analysis report

Static analysis result for SHA-256 b69db5db40d1008d…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-11-23 21:09:32 +03:00
Authoring application: Word (via Mac OS X 10.7.5 Quartz PDFContext)
MD5: 5c9e25f21fdd91a028016dd9b13aa862
SHA-1: b9a63f5f2a22cb68d975c36ffa21b00ac3b6ec05
SHA-256: b69db5db40d1008d9fa7be9efbe3d366fcbdbacd748d721d76510a2e88401374
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The document body is heavily obfuscated and does not provide clear textual lures. The primary attack pattern appears to be directing users to a link farm hosted on www.gorillawalker.com, likely for SEO manipulation or to serve further malicious content. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.