Malicious PDF — malware analysis report

Static analysis result for SHA-256 79da019cb4e04f20…

Verdict: MALICIOUS
File type: PDF
Size: 45.9 KB
Created: 2018-11-23 08:05:29 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 739ad0b9c4985f23ec63bd87e9e26cdc
SHA-1: 02718bea63d5a5f53fc2b10cd13d13aaa3acd4da
SHA-256: 79da019cb4e04f208ef4c64d6bc5b118c3ff15ec577f648cfe6703ea1a931eaf
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of 32 external PDF links, with the first being http://www.gorillawalker.com/letters-to-my-semi-detached-son.pdf. This suggests a tactic to either manipulate search engine results or to distribute further malicious content through these links. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.gorillawalker.com/letters-to-my-semi-detached-son.pdf