Malicious PDF — malware analysis report

Static analysis result for SHA-256 4e12df1930c326dc…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2019-05-24 00:42:56 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 7d483375f6b1e8a2dbb44c0f73ea410a
SHA-1: 9a3e0466bda93b7b0f7b5c796ceacc9bd867e1f9
SHA-256: 4e12df1930c326dc760bdc9ef2e243f56a692b255aae69a1471c56019fc57a58
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to a single domain, indicating a link farm or SEO manipulation tactic. The heuristic 'PDF_SEO_LINK_FARM' directly supports this finding. While no scripts were extracted, the sheer volume of links suggests malicious intent to drive traffic or distribute further content, potentially leading to phishing or malware downloads.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.