Malicious PDF — malware analysis report

Static analysis result for SHA-256 3080dff205457fc1…

MALICIOUS

PDF

45.4 KB
Created: 2018-11-14 08:41:04 +03:00
Authoring application: FrameMaker 11.0.2 (via Acrobat Elements 10.0.0 (Windows))
MD5: 6039158ee5e39ebf4fa876771781f840
SHA-1: 416386a80ff89f1703ce8e16689e84b35f3414c9
SHA-256: 3080dff205457fc190bd62d8037f168085ae12f05089c717882b9079b7bbcbba
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute malicious content. The document body itself is heavily obfuscated and does not provide clear user-facing text, but the embedded URLs point to a domain that appears to host numerous PDF files, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.