Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebf05dcf6289b6c8…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2018-11-30 01:49:25 +03:00
Authoring application: Writer (via OpenOffice.org 2.0.3)
MD5: 59c5ce9f79b0e540e12fef30f8e0a253
SHA-1: d892268294dcdc00bb7238aa9891feace7d022b2
SHA-256: ebf05dcf6289b6c89547edb9c6311d1e785fea20b0169b44a43d157fc52b8601
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link

A heuristic fired on the large number of embedded external links in this PDF, which point to PDFs hosted on www.gorillawalker.com. This suggests a link farm or SEO manipulation tactic. No scripts were extracted, but the sheer volume of links and the PDF structure indicate malicious intent to direct users to external resources, potentially for phishing or malware distribution. The document body was not sufficiently readable to provide further context.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.