Malicious PDF — malware analysis report

Static analysis result for SHA-256 aab609fd49f492fc…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2019-11-23 20:10:07 +03:00
Authoring application: Word 10.0 (via AFPL Ghostscript 8.13)
MD5: 5169c6c1f55657e5de942c628dc1fb54
SHA-1: 8c2037ea0d9e6ca247228ec3db2fb7f478209b80
SHA-256: aab609fd49f492fc2e9683760e5cf7f14c32dc74c3253653656026dbb70939d1
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file exhibits characteristics of a link farm, with 32 external links embedded within the document. The primary heuristic firing, PDF_SEO_LINK_FARM, indicates a high volume of links, suggesting an attempt to manipulate search engine results or redirect users to potentially malicious content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern or intent beyond link distribution.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.