Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0a7865be596f462…

MALICIOUS

PDF

Size: 47.1 KB
Created: 2018-11-30 20:23:47 +03:00
Authoring application: Adobe InDesign CS (3.0) (via Adobe PDF Library 6.0)
MD5: 83478e8f10340bfa8e68a1efb4d9bacd
SHA-1: f75674ce413d34197b5caa93fc1d6f307989ce0f
SHA-256: f0a7865be596f462530b5ccd90b966018e595a60a93d185544eda98abaa07f04
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or SEO manipulation tactic. The heuristic 'PDF_SEO_LINK_FARM' strongly suggests this malicious intent. No scripts were extracted, and the document body was not parsable, limiting further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.