Malicious PDF — malware analysis report

Static analysis result for SHA-256 e19c5959d75074e3…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2019-03-18 02:04:55 +03:00
Authoring application: calibre 0.9.13 [http://calibre-ebook.com]
MD5: 665ce57ac97368065634086cf775635a
SHA-1: 0c63025b60fce1a00f957113d50d37b6783eec5f
SHA-256: e19c5959d75074e3700270fec1fad807938bfc173d1ea7b2d5e1a8112f975b7f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell

The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on www.gorillawalker.com. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute malicious content. No scripts were extracted from this sample, limiting further analysis of its behavior.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.