Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa8fe15839c8d648…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-12-14 20:13:42 +03:00
Authoring application: Adobe Illustrator CS3 (via Adobe PDF library 8.00)
MD5: 592454552d2691cea8a5f345629714f7
SHA-1: 70cbe62579f9f0621df4fb92269250dce181427b
SHA-256: aa8fe15839c8d648d03e6379cba759e4e1917ace5cf1f382597ed2e7a6cb3f4b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file triggers the PDF_SEO_LINK_FARM heuristic, which indicates a large number of embedded external links. The document body is heavily obfuscated and unreadable, but the numerous links to external PDFs suggest a tactic to manipulate search engine results or to lure users. The primary IOCs are the URLs associated with this link farm.

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.