Malicious PDF — malware analysis report

Static analysis result for SHA-256 e81cdf860f35da14…

Verdict: MALICIOUS
File type: PDF
Size: 45.6 KB
Created: 2019-03-17 04:02:04 +03:00
Authoring application: Adobe InDesign CS4 (6.0) (via Adobe PDF Library 9.0)
MD5: 4c91527f99e43fe3b21941b56107c39f
SHA-1: 0c24edb5ddc5a0c3432c128a0b2a9b486d3dd741
SHA-256: e81cdf860f35da148c041c5dbc558d97b41a1e1cde41b60c4660656ddba5f710
Risk Score: 68

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on 'www.gorillawalker.com'. This is indicative of a link farm, likely used for SEO manipulation or to distribute malicious content. The presence of a 'download button' heuristic further suggests a deceptive user interaction is intended. No scripts were extracted, limiting the ability to determine a specific payload or further actions.

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low; ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.