Malicious PDF — malware analysis report

Static analysis result for SHA-256 e31c6e0ceeb2810c…

MALICIOUS

PDF

Size: 38.9 KB
Created: 2018-11-14 21:07:25 +03:00
Authoring application: - (via GNU Ghostscript 6.53)
MD5: 62e24b01fa529fef1337c33a6f3a4772
SHA-1: 713ef602d34adbed938cd3a83c65c4f23d4823d5
SHA-256: e31c6e0ceeb2810c698c5cd5ba32dd931bdb4617dbb06b9b733139d61707147c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with 32 links found, all hosted on 'www.gorillawalker.com'. While no scripts were extracted, the sheer volume of links suggests a potential attempt to drive traffic to malicious or compromised content.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.