Malicious PDF — malware analysis report

Static analysis result for SHA-256 c3923602ca7ece32…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-12-14 20:00:42 +03:00
Authoring application: Adobe InDesign CS4 (6.0.4) (via Adobe PDF Library 9.0)
MD5: 489219a77b4278f41baa60293b86bbb8
SHA-1: d4ad2e17cd92f09b7abb99c9b660c094e1f31b8f
SHA-256: c3923602ca7ece32a98404262222bcf9be0deab2314c060b9eddf8e618d48c2a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was identified as malicious due to a critical heuristic firing for a large number of embedded external links. These links predominantly point to PDFs hosted on 'www.gorillawalker.com'. While no scripts were extracted, the sheer volume of links suggests a link farm or a distribution point for further malicious content, potentially for SEO manipulation or phishing lures.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.