Malicious PDF — malware analysis report

Static analysis result for SHA-256 e56524daba62205e…

MALICIOUS

PDF

  • File size: 45.0 KB
  • Created: 2019-03-17 06:58:19 +03:00
  • Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
  • MD5: 6dc2c28ea6e7271fe38e73e78b0a0aa5
  • SHA-1: 7f8e9b0562f58746a858e2267346d8205e833308
  • SHA-256: e56524daba62205eb42ebc1bfe0e1c3d586ea18f4ceb81ef546378afc6e7a11f
  • Risk Score: 68

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads disguised as legitimate documents. The 'SE_DOWNLOAD_BUTTON' heuristic suggests a call-to-action, further supporting the idea that users are intended to click these links. No scripts were extracted, and the document body was unreadable.

Heuristics 3

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] (SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.