Malicious PDF — malware analysis report

Static analysis result for SHA-256 e5dba0fee307cba5…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2019-04-07 18:02:38 +03:00
Authoring application: calibre 0.9.8 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: febe7f577e2ca2fa2d6e761fed83e604
SHA-1: d9e79c267436d27b8cf339315ad2fc96c1c274ca
SHA-256: e5dba0fee307cba5fedeb3804e1c1deb528f0bd10394cd2fa0a6dfc559b27b54
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on a large number of external links in the PDF, all pointing to the same domain (www.gorillawalker.com). This suggests a link farm or SEO manipulation tactic. No scripts were extracted, but the sheer volume of links indicates malicious intent: redirecting users to potentially harmful content or manipulating search engine rankings. The document body was unreadable, which limited further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.