Malicious PDF — malware analysis report

Static analysis result for SHA-256 db8887befca32570…

MALICIOUS

PDF

Size: 30.7 KB
Created: 2020-02-20 05:28:25 +03:00
Authoring application: QuarkXPress(R) 8.0
MD5: 4ab8a581f0743ea4d0f705fbd479eea8
SHA-1: 985b972fd107935daa2f6a026c63b971f6c2c8df
SHA-256: db8887befca32570c7c0445f772dab0b9dbed5710018ae1441d9170918c2a496
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was identified as malicious due to a critical heuristic firing for PDF_SEO_LINK_FARM, indicating a mass of external PDF links. The document body contains numerous URLs pointing to various PDF files hosted on www.gorillawalker.com. This suggests a link-farming or redirection scheme rather than direct content delivery. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.