Malicious PDF — malware analysis report

Static analysis result for SHA-256 f6d282d35c392184…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2019-03-16 15:23:58 +03:00
Authoring application: Adobe Acrobat 7.05 (via Adobe Acrobat 7.05 Paper Capture Plug-in)
MD5: 5aca7859e09850248fe58ba71a53ede9
SHA-1: 7a492d7c2bd6d336386bd94ebf7065167ed11c74
SHA-256: f6d282d35c3921849ea4f14769a4d1bc534ce5ef3face470e8506589189a9d30
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file exhibits a 'SEO Link Farm' heuristic, indicating a large number of embedded external links. The document body confirms the presence of these links, all pointing to PDFs hosted on www.gorillawalker.com. This suggests a tactic to manipulate search engine results or to serve as a redirection mechanism for users. No scripts were extracted, and the primary malicious activity appears to be the mass linking.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.