Malicious PDF — malware analysis report

Static analysis result for SHA-256 ddb9d1a91b8f016d…

MALICIOUS

PDF

42.8 KB
Created: 2018-12-15 08:01:23 +03:00
Authoring application: Adobe Acrobat Pro 10.0.0 (via ESP Ghostscript 7.07)
MD5: 543180e6873a98b47faede03cc0c3290
SHA-1: a5f57159061b9f7b0abc717e0c8881db42d87214
SHA-256: ddb9d1a91b8f016d023e265eb9f36c7df366485ec920713fa5ef3327f57ec079
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.