Malicious PDF — malware analysis report

Static analysis result for SHA-256 b56d11341396c832…

MALICIOUS

PDF

34.1 KB Created: 2020-01-03 01:15:12 +03:00 Authoring application: Adobe InDesign CS5 (7.0) (via Acrobat Distiller 9.5.3 (Macintosh))
MD5: 75c34ed79de007be1ad7fcae76db01f0 SHA-1: d7e1702d4c9ba609f5c349eaec8fc8cb8a8c518f SHA-256: b56d11341396c832ea4c285112f3acf0a5970b091576a5b4649de20c4569ba6f
80 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The SE_CALLBACK_LURE heuristic suggests a potential phishing or scam context, although the document body itself is heavily obfuscated and does not provide clear textual lures. The primary attack pattern appears to be the distribution of numerous links, likely to manipulate search engine results or redirect users to potentially malicious websites.

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/coffee-break-french-14-lessons-66-70-learn-french-in.pdf
    • http://www.gorillawalker.com/the-beauty-detox-power-nourish-your-mind-and-body-for.pdf
    • http://www.gorillawalker.com/technical-skills-for-adventure-programming-a-curriculum-guide.pdf
    • http://www.gorillawalker.com/tv-studies-bundle-the-television-studies-reader.pdf
    • http://www.gorillawalker.com/researching-the-presidency-vital-questions-new-approaches-pitt-series-in.pdf
    • http://www.gorillawalker.com/japanese-cooking-made-simple-a-japanese-cookbook-with-authentic-recipes.pdf
    • http://www.gorillawalker.com/diccionario-de-gastronomia-y-hosteleria-spanish-edition.pdf
    • http://www.gorillawalker.com/the-saint-meets-his-match-the-saint-series.pdf
    • http://www.gorillawalker.com/how-to-open-operate-a-financially-successful-herb-and-herbal.pdf
    • http://www.gorillawalker.com/survivors-great-open-boat-voyages.pdf
    • http://www.gorillawalker.com/chemistry-the-central-science-11th-edition.pdf
    • http://www.gorillawalker.com/les-jeunes-en-shorts-en-velours-cotele-french-edition.pdf
    • http://www.gorillawalker.com/guess-who-s-my-pet-guess-who-s-books.pdf
    • http://www.gorillawalker.com/seeing-voices.pdf
    • http://www.gorillawalker.com/gender-swap-fantasies-gender-transformation-feminization-erotica.pdf
    • http://www.gorillawalker.com/nikon-d7100-from-snapshots-to-great-shots.pdf
    • http://www.gorillawalker.com/collins-easy-learning-polish-dictionary-polish-and-english-edition.pdf
    • http://www.gorillawalker.com/called-and-accountable-discovering-your-place-in-god-s-eternal.pdf
    • http://www.gorillawalker.com/customer-data-integration-reaching-a-single-version-of-the-truth.pdf
    • http://www.gorillawalker.com/pharmacology-test-prep-1500-usmle-style-questions-answers.pdf
    • http://www.gorillawalker.com/introductory-logic-and-sets-for-computer-scientists-international-computer-science.pdf
    • http://www.gorillawalker.com/food-and-environment-in-early-and-medieval-china-encounters-with.pdf
    • http://www.gorillawalker.com/chinese-music-introductions-to-chinese-culture.pdf
    • http://www.gorillawalker.com/before-your-teenagers-drive-you-crazy-read-this-battlefield-wisdom.pdf
    • http://www.gorillawalker.com/typee-a-peep-at-polynesian-life-penguin-classics.pdf
    • http://www.gorillawalker.com/man-and-technics-a-contribution-to-a-philosophy-of-life.pdf
    • http://www.gorillawalker.com/the-devil-and-winnie-flynn.pdf
    • http://www.gorillawalker.com/spartacus-international-sauna-guide-bathhouses-multilingual-edition.pdf
    • http://www.gorillawalker.com/hysterical-personality-classical-psychoanalysis-and-its-applications.pdf
    • http://www.gorillawalker.com/the-life-cycle-of-a-fern.pdf
    • http://www.gorillawalker.com/atomic-peace-the-chain-reaction-of-good-pendle-hill-pamphlets.pdf
    • http://www.gorillawalker.com/how-to-enjoy-mallorca-for-less-than-10-euros-per.pdf
    • http://www.gorillawalker.com/creating-island-resorts-routledge-advances-in-tourism.pdf
    • http://www.gorillawalker.com/anglican-churches-in-colonial-south-carolina.pdf
    • http://www.gorillawalker.com/popular-music-of-the-olden-time-the-whole-of-the.pdf
    • http://www.gorillawalker.com/the-guide-to-best-european-business-schools.pdf
    • http://www.gorillawalker.com/silence-of-the-lambs.pdf
    • http://www.gorillawalker.com/redefining-rethink-repattern-and-recreate-yourself-capital-cares.pdf
    • http://www.gorillawalker.com/nace-coating-inspector-s-logbook.pdf
    • http://www.gorillawalker.com/hip-hop-sankofa-poetry-spoken-word-and-rap.pdf
    • http://www.gorillawalker.com/les-jeunes-en-shorts-en-velours-cotele-french-editio
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.