Malicious PDF — malware analysis report

Static analysis result for SHA-256 8398f928dbc7cbe9…

Verdict: MALICIOUS
File type: PDF
Size: 45.8 KB
Created: 2018-11-15 18:31:54 +03:00
Authoring application: doPDF Ver 7.3 Build 391 (Windows 7 Home Premium Edition (SP 1) - Version: 6.1.7601 (x64))
MD5: 6c4146f31f862523da014eb1f5b2fc20
SHA-1: e3b13ce4bbcb1c5799c634006510c055b0d93de4
SHA-256: 8398f928dbc7cbe91c72adabe7dd298e4c3d1e95613019a3055d112728ee5f1a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file exhibits a 'PDF_SEO_LINK_FARM' heuristic, indicating a large number of embedded external links. The document body contains numerous URLs, all pointing to the same domain, suggesting a coordinated effort to create a link farm. This is likely a tactic to manipulate search engine results or to serve as a lure for users to click on potentially malicious content.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.