Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca9b91eda16b167b…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2019-09-02 22:05:01 +03:00
Authoring application: calibre 0.9.8 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 3d2215e45b6f16c1adcee0d77d1c1460
SHA-1: 0f65a8ca3df5147a7659fc28868367f01304a940
SHA-256: ca9b91eda16b167b74c81b5f3e7f85b1588f856c673fbf6b3925334b02162223
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file triggers the PDF_SEO_LINK_FARM heuristic: it contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com. This suggests a potential attempt to manipulate search engine results or distribute further malicious content. No scripts were extracted, and the document body was unreadable, which limits further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.