Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e936cc71d0ff87f…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2019-03-17 06:35:18 +03:00
Authoring application: -
MD5: 7c837172924e6be6c89398aa11bc59c5
SHA-1: 0d33960d5da59d4cae14e80df685552457a487dd
SHA-256: 9e936cc71d0ff87fa01f6dc04917dd274274b29ab74e01104a37607123b707ba
Risk score: 80

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests malicious intent to manipulate search engine results or redirect users to potentially harmful content. The SE_CALLBACK_LURE heuristic indicates the document may also contain deceptive text prompting users to call a phone number, typical of phishing or tech-support scams. No scripts were extracted from this sample.

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Callback phishing phone lure (medium, SE_CALLBACK_LURE)
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.