Malicious PDF — malware analysis report

Static analysis result for SHA-256 eb294f3cf7ff749a…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-15 18:32:49 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: 82df4925711dc26ce79eb66790a08c5a
SHA-1: 481ba6c586058e83cdbc8a6a0084304f3a5fd2ae
SHA-256: eb294f3cf7ff749a88c9f5045d3b2050a940b2d1ca036f26809df552c90eddb9
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The 'PDF_SEO_LINK_FARM' heuristic fired on this PDF, indicating the presence of numerous external links. The document body, though heavily obfuscated, contains references to URLs hosted on 'gorillawalker.com'. These links point to various PDF files, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.