Malicious PDF — malware analysis report

Static analysis result for SHA-256 c4a5726938322fdb…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-02 20:21:20 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 7b4a6ca2a1b6d97c1f364927eda4bec9
SHA-1: 5a79d437e17689a621cbdb324b7ff9466fd4415c
SHA-256: c4a5726938322fdb0d0b535cc6bdbb0d5005028921048ccf669916738cc92d9c
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of 32 external links, predominantly hosted on 'www.gorillawalker.com'. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine results or to serve as a distribution point for further malicious content. The embedded URLs are the primary indicators of compromise.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.