Malicious PDF — malware analysis report

Static analysis result for SHA-256 b60690604bdc280a…

MALICIOUS

PDF

44.8 KB
Created: 2018-12-15 20:11:04 +03:00
Authoring application: - (via Acrobat Distiller 5.0.1 for Macintosh)
MD5: 5c789f0229f636af69589eaa950f302a
SHA-1: 31218fbb409ba94e25d65594c97afcf10bfc429d
SHA-256: b60690604bdc280a79372203ee4c9b988d838e262748ff42dc76aab3a9bb16a0
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, indicating a link farm or a distribution mechanism for other malicious content. The heuristic 'PDF_SEO_LINK_FARM' strongly suggests this malicious intent. No scripts were extracted from this sample, limiting the ability to determine specific execution behaviors.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.