Malicious PDF — malware analysis report

Static analysis result for SHA-256 ed9f857c14a4b0b3…

MALICIOUS

PDF

File size: 47.2 KB
Created: 2019-03-17 11:02:32 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 8.1.0 (Windows))
MD5: 51f4baf8e487e6d4dd3733b464628f31
SHA-1: 1dff73ad5e7e4a4ada5582ef4d036e20dd2ea1af
SHA-256: ed9f857c14a4b0b3edd199d0abeb8fb98ac2242aa6522165f254b0827bab181d
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links all point to PDFs hosted on www.gorillawalker.com. The document body is heavily obfuscated and does not provide clear user-facing content, suggesting its primary purpose is not informational but rather to facilitate the distribution of these linked resources. The embedded URLs are the primary indicators of malicious activity.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.