Malicious PDF — malware analysis report

Static analysis result for SHA-256 56569b01b9c407e6…

MALICIOUS

PDF

Size: 37.2 KB
Created: 2019-09-18 05:33:13 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: 65e3cb5cbab9d9b14165e303736b2534
SHA-1: ee570de454d50a51db4b2b4c44fe2f4a9b4ec08a
SHA-256: 56569b01b9c407e635ad6dec2b835d7ec88f7c401410f697f3d18ebc3e1d7e81
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious Link

The PDF file contains a large number of embedded URLs pointing to other PDF documents hosted on the same domain, a pattern indicative of a link farm. The heuristic 'SE_ADVANCE_FEE_SCAM_LURE' strongly suggests the document is part of an advance-fee fraud scheme, most likely intended to lure users into following these links. No scripts were extracted and the document body was unreadable, which limits further analysis of the exact lure text.

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_ADVANCE_FEE_SCAM_LURE (high): Advance-fee lottery/parcel scam lure
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.