Malicious PDF — malware analysis report

Static analysis result for SHA-256 28c1c305266e0776…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-23 21:09:25 +03:00
Authoring application: Adobe InDesign CS3 (5.0.3) (via Adobe PDF Library 8.0)
MD5: 51c4256f48196d289df3e5fe1dc1a8f2
SHA-1: 535b85ef8900fa491e9d2d1e3ab25cf6e260faf3
SHA-256: 28c1c305266e0776d7c0aeb32c141c458c1f5be245551c8f46c728b1f0e3e462
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged for containing a large number of external links, which suggests a link farm, a common SEO manipulation technique and the pattern named by the heuristic below. No scripts were extracted. The embedded URLs span a wide variety of topics, indicating a broad attempt to attract traffic or distribute content.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.