Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8f0109872798bc6…

MALICIOUS

PDF

Size: 45.1 KB
Created: 2019-03-17 11:09:46 +03:00
Authoring application: iBooks Author (via Mac OS X 10.9.3 Quartz PDFContext)
MD5: 587b502511cbddf7162bc0e228def25d
SHA-1: 838c065ac85ad1e02daa165a4892795f75b5801b
SHA-256: b8f0109872798bc69d0abe3db07f6e72ffdcec14547c7243a99f88af356db57d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link

The PDF file exhibits a 'link farm' heuristic, indicating a large number of embedded URLs pointing to external PDF documents. The document body is heavily obfuscated and unreadable, but the presence of numerous links to PDFs hosted on 'gorillawalker.com' suggests a potential SEO manipulation or a lure for users to download further content. No scripts were extracted from this sample. The primary attack pattern appears to be social engineering through a deceptive link structure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.