Malicious PDF — malware analysis report

Static analysis result for SHA-256 a9ee513c93fc49c2…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2019-03-17 08:16:27 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: 66d7bde7f295c475226912612c27b062
SHA-1: c904c029c15fb0623ae9deaca8f397230cddec47
SHA-256: a9ee513c93fc49c24504b0ce04834e49ec65fe2679a0cf8227e16ef680102738
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain. No scripts were extracted from this sample, limiting the ability to determine further malicious intent beyond the link farm.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.