Malicious PDF — malware analysis report

Static analysis result for SHA-256 bdff6f1fd0442e60…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-11-30 20:39:19 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Word (via Acrobat Distiller 7.0 (Windows))
MD5: 934a90a372caab87cbe4b6b96e0418c6
SHA-1: 0be1b3b6f0d6ecf22fbfb3260784ad1904aa924e
SHA-256: bdff6f1fd0442e6092f40901cfb938804f12a188b6c5ab20a2c55d3b505918ea
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file triggered the PDF_SEO_LINK_FARM heuristic, which indicates a large number of embedded external links. The document body confirms the presence of numerous URLs, all pointing to the same domain, suggesting a link farm or a distribution point for malicious content. No scripts were extracted, and the document body was heavily obfuscated, which limited further analysis of specific payloads.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.