Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd6549c373cc3916…

MALICIOUS

PDF

42.7 KB
Created: 2018-12-14 20:23:03 +03:00
Authoring application: Writer (via OpenOffice.org 2.0.3)
MD5: 51c82afaf111c0f8bc44c5c6f6f3d58b
SHA-1: 198e713a789e9a2498ec3fd677622b388b377619
SHA-256: bd6549c373cc39166ef8846db4ccd71ec012dc9cd21d6577d7e09d6482140848
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file triggers the 'PDF_SEO_LINK_FARM' heuristic, which indicates a mass of external links. The document body is heavily obfuscated and unreadable, but the embedded URLs point to a single domain, www.gorillawalker.com, with various PDF filenames. This suggests a tactic to manipulate search engine rankings or to lure users into downloading content from a specific site.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.