Malicious PDF — malware analysis report

Static analysis result for SHA-256 397cb1c259055ba5…

MALICIOUS

PDF

Size: 40.6 KB
Created: 2018-12-07 18:27:18 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 5c179d66cfbe51682242de73dfcfbdd1
SHA-1: cba57fa298c6b04d0a1253bee45ac29f5f76d6a0
SHA-256: 397cb1c259055ba55902d50764a76572c184512763c651a5d291038dfda2fcbe
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file triggers the critical heuristic PDF_SEO_LINK_FARM, which indicates a large number of embedded external links. The primary purpose appears to be SEO manipulation or a link-farming scheme, potentially leading users to malicious or unwanted content. No scripts were extracted, and the document body was unreadable, which limits further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.