Malicious PDF — malware analysis report

Static analysis result for SHA-256 e9595fb093de02ba…

Verdict: MALICIOUS
File type: PDF
Size: 43.0 KB
Created: 2019-03-17 07:05:25 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.02 Paper Capture Plug-in)
MD5: 870ab720dd5d6309531a52eac388c81d
SHA-1: b518b4e2205e7b8c572ca55c87f937c6d4ca68ca
SHA-256: e9595fb093de02ba8c4cd1f01986b4fab867bcc25ce890ed381c504778650933
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This is indicative of a link farm, likely used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. No scripts were extracted from this sample, and the document body was heavily obfuscated.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.