Malicious PDF — malware analysis report

Static analysis result for SHA-256 964b1c359a9934cc…

MALICIOUS

PDF

Size: 48.1 KB
Created: 2018-11-30 20:58:39 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: 538ccf7bd84827af6e60135832a4603b
SHA-1: 9bacb2587509c87779fb4e4acb8c7c0999b0b4eb
SHA-256: 964b1c359a9934cc6ac9007eba513ed6f07be56c7f692db1c08d0e3620c640e5
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The majority of these links are hosted on www.gorillawalker.com. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, to unsuspecting users. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.