Malicious PDF — malware analysis report

Static analysis result for SHA-256 f2e0e156f7e0bacb…

MALICIOUS

PDF

Size: 33.3 KB
Created: 2020-02-19 09:30:03 +03:00
Authoring application: Word (via Mac OS X 10.7.5 Quartz PDFContext)
MD5: 8c72ec295b83c10d4a4529db06082069
SHA-1: a663327cd59920755fb5d1cf4d6284f9f8abf1fc
SHA-256: f2e0e156f7e0bacbe37c0f8a2750379885b48cf052d7f6d759f98a82c6df3059
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain www.gorillawalker.com. This is indicative of a link farm or a distribution mechanism for potentially malicious content. The heuristic PDF_SEO_LINK_FARM specifically flags this behavior. No scripts were extracted, and the document body was not parsable, limiting further analysis of the immediate intent beyond the URL distribution.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.