Malicious PDF — malware analysis report

Static analysis result for SHA-256 b7a0738745a7f595…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-11-14 23:30:06 +03:00
Authoring application: Documill Publishor 6.3.9.1 by Documill (http://www.documill.com/) (via iText 2.1.6 by 1T3XT)
MD5: 40f0a32f488a34dc4a7b4fcdf5261fc6
SHA-1: 846e023d230b489dee8944d0b80e354c0512bdee
SHA-256: b7a0738745a7f5959b59f5fe19d089255926d08abc8ba2e49c87393a1e6e7429
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF triggered the PDF_SEO_LINK_FARM heuristic, which indicates a large number of external links to PDF files hosted on www.gorillawalker.com. This suggests a link farm or distribution mechanism. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure. The primary attack pattern appears to be directing users to a large number of external resources.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.