Malicious PDF — malware analysis report

Static analysis result for SHA-256 3bf11ef3114ebba3…

MALICIOUS

PDF

Size: 40.5 KB
Created: 2019-02-13 19:54:09 +03:00
Authoring application: GPL Ghostscript 8.64 (via Adobe PDF Library 8.0)
MD5: 78db75caf6b8102760110d77989d770b
SHA-1: 00d0e54f4fac087b14749c49f67abd8acb226f7a
SHA-256: 3bf11ef3114ebba337fa673c08a470ce2fcc536814a581090492796aff4a0062
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO poisoning or distribution of further malware. The document body is heavily obfuscated and provides no clear textual clues.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.