Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd3e859bdd23c6ca…

MALICIOUS

PDF

Size: 48.3 KB
Created: 2018-12-15 08:53:24 +03:00
Authoring application: calibre 0.9.13 [http://calibre-ebook.com]
MD5: 46fc59be7b37edd565eb4f3f2a033e05
SHA-1: 217e09f6d167e78accbad353b0b5d2ffde74e42d
SHA-256: bd3e859bdd23c6caae3b6762793e42f5b01075d2de679204f5050816d17556e6
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, all pointing to the same domain. This suggests a link farm or SEO manipulation tactic. The embedded URLs are likely intended to redirect users to malicious content or further phishing attempts. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.