Malicious PDF — malware analysis report

Static analysis result for SHA-256 dd65d19c56fb44dd…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-15 19:36:16 +03:00
Authoring application: PDFpen
MD5: 6844d0624f834b32505f350d0416291f
SHA-1: 1b91b62f1555f38c279de17e5fd4f14cfd77104f
SHA-256: dd65d19c56fb44dd16b18ac38340d26f073aebfd7b25f3593bc0668b209acaf7
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on www.gorillawalker.com. The primary purpose appears to be to create a link farm, potentially for SEO manipulation or to distribute malicious content disguised as legitimate documents. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.