Malicious PDF — malware analysis report

Static analysis result for SHA-256 e1cb2fcdd47caf77…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-15 20:00:52 +03:00
Authoring application: Data Dynamics ActiveReports (tm) for .NET
MD5: 56ed9a32a3fda668b31c55bc22d053b6
SHA-1: f9e96e28a0c161169a520c780f139d12b55af9c8
SHA-256: e1cb2fcdd47caf775f9447225848688670a8d300723f7b151b0b10dbde2365d0
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF triggers a critical link-farm heuristic: it contains 32 external links, predominantly hosted on www.gorillawalker.com. No scripts were extracted, but the sheer volume of embedded URLs suggests malicious intent, likely SEO manipulation or a lure for further malicious activity. The document body was heavily obfuscated and unreadable.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off0000177e.js
Hash: d0947c608ae8e15e36c5312a405880aff9351be3134826f537322b86b73edf9b
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x177E
Size: 36628 bytes