Malicious PDF — malware analysis report

Static analysis result for SHA-256 26bf0cf25b669ae6…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-12-15 08:52:33 +03:00
Authoring application: FineReader (via -)
MD5: 3a839e3d7b02415ef6f44865058dea49
SHA-1: 6bef9722d4e62cd01c4d8a05494a8180daf073dc
SHA-256: 26bf0cf25b669ae6fd771f8198ed1b2fbd2ca8b247cb569345e0aefda8d1ba69
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, primarily hosted on www.gorillawalker.com. This technique is often used to create a link farm for SEO manipulation or to distribute malicious content indirectly. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.