Malicious PDF — malware analysis report

Static analysis result for SHA-256 d852bf20b73d25c5…

Verdict: MALICIOUS

File type: PDF

Size: 43.3 KB
Created: 2019-04-06 14:54:07 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 4aac57fec28ec9c0519b880eabb258a1
SHA-1: d297e10c1a2bedf6878b736d7b7671d80ba3661e
SHA-256: d852bf20b73d25c58f723c6d68f913d99d65b4b08cec668baa9247a671ed38e5
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on this PDF for a large number of external PDF links, all hosted on the same domain (www.gorillawalker.com). This suggests a link farm or SEO manipulation tactic. The embedded URLs point to various PDF documents, indicating either a potential distribution mechanism for further malicious content or a method of inflating search engine rankings. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.