Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e1dd516200205e0…

MALICIOUS

PDF

Size: 40.1 KB
Created: 2019-01-06 08:02:59 +03:00
Authoring application: Adobe InDesign CS5 (7.0.5) (via Adobe PDF Library 9.9)
MD5: 4418eab99487296dc1de7da96cd7be4f
SHA-1: 39bfddbb10d2cb4a6b266e1a6281733f052db77a
SHA-256: 9e1dd516200205e044e94cb8c2a0021d8967e0c1077c80e65eb3c7e0e70f28be
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various book titles hosted on the same domain, suggesting a tactic to artificially inflate search engine rankings or to serve as a lure for users. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific malicious intent beyond link farming.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.