Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6d7bfe1f84b2509…

MALICIOUS

PDF

Size: 36.7 KB
Created: 2020-05-13 20:49:23 +03:00
Authoring application: wkhtmltopdf 0.12.1.4 (via Qt 4.8.6)
MD5: 7f4e2ddf4f2275f70c28484214420790
SHA-1: ec7823dfbcd8844a13753e430c18ec60d44327c3
SHA-256: a6d7bfe1f84b25094bc9aecb9a654e8347125e98d960251c91390070cd5c2d7c
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document exhibits characteristics of a link farm, containing numerous external links to other PDF files hosted on various domains. The document body, though partially corrupted, suggests a lure related to 'basic electrical engineering textbooks pdf'. The primary attack pattern appears to be SEO manipulation or the distribution of malicious content through a network of linked PDFs. No scripts were extracted from this sample.

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://olarotimi.com/uploads/1/3/1/4/131437352/131437352.html#basic+electrical+engineering+textbooks+pdf