Malicious PDF — malware analysis report

Static analysis result for SHA-256 d859f8c23d59ce94…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-11-26 21:49:07 +03:00
Authoring application: - (via iText 2.1.0 (by lowagie.com))
MD5: 82eae29b6db8a81fe38e6966404877e7
SHA-1: b4fd3af27a0b1818886ff352e92b8a1d9bac99af
SHA-256: d859f8c23d59ce9417163b15506e3d19e8ed24062b7b34555117e0075ffe3a8b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file triggered a heuristic for a large number of external links, specifically 32, pointing to PDF files on the domain www.gorillawalker.com. The document body itself is heavily obfuscated and does not provide clear textual lures. The primary attack pattern observed is the distribution of numerous links, likely to distribute further malicious content or engage in SEO-based spam. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.