Malicious PDF — malware analysis report

Static analysis result for SHA-256 b95f3630ba2c300e…

Verdict: MALICIOUS
File type: PDF
Size: 43.1 KB
Created: 2018-11-30 20:33:52 +03:00
Authoring application: Adobe Acrobat 8.13 (via Adobe Acrobat 8.13 Image Conversion Plug-in)
MD5: 3f5e4fa66adc86d4365e01818d58be1b
SHA-1: 42a15d7309389d666bbf2088d090605fe07745b5
SHA-256: b95f3630ba2c300eefa5b9502c4aa07137643b55480e661e6542d9346cd0ed7e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

A heuristic fired on this PDF for a large number of embedded external links, suggesting a link farm or distribution mechanism. While no scripts were directly analyzed for malicious intent, the sheer volume of links to external PDFs from a single document is highly suspicious. The embedded JavaScript stream, though not fully analyzed, could be used to facilitate redirection to, or download of, further malicious content.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_002_off00001925.js
SHA-256: 685b8ba5ef494ae14b17c7469097f6bd6183f2ba9ab98f2af4534e11bf7cebc8
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1925
Size: 36017 bytes