Malicious PDF — malware analysis report

Static analysis result for SHA-256 c170a4cd323337e4…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2018-11-23 21:08:52 +03:00
Authoring application: Microsoft Word: LaserWriter 8 8.6.5 (via Acrobat Distiller 4.0 for Macintosh)
MD5: 8c7cc2a7098630415afc7caa00f91a11
SHA-1: 44fbe577c8e124734b7f22bba9b536f358ebaf70
SHA-256: c170a4cd323337e4681ba5d735ec17bf38312a1676a0b9200aef3455411ddc0e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File

The PDF triggers the critical 'SEO Link Farm' heuristic, which indicates a large number of external links embedded in the document. These links predominantly point to PDF files hosted on 'www.gorillawalker.com'. The primary intent appears to be SEO manipulation or a lure to download other content, potentially malicious. No scripts were extracted, and the document body was heavily obfuscated, which limited further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.