Malicious PDF — malware analysis report

Static analysis result for SHA-256 9a36eae23f948385…

MALICIOUS

PDF

Size: 28.4 KB
Created: 2019-11-10 05:17:05 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: 58d28e618d3562a57525f84694bae545
SHA-1: a57c7a6da21bc23c166067d201c10cb00a610193
SHA-256: 9a36eae23f948385819fae3609bcac8e9d534e6a53882683bc1066ad7198e6eb
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external documents, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' directly indicates this behavior. While no scripts were extracted, the sheer volume of links suggests a potential for redirecting users to phishing sites or malware downloaders. The primary attack pattern observed is the creation of a link farm within the PDF.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.