Malicious PDF — malware analysis report

Static analysis result for SHA-256 be1b941a5d6b86d5…

Verdict: MALICIOUS
File type: PDF
Size: 43.5 KB
Created: 2018-11-15 18:31:30 +03:00
Authoring application: XEP 4.4 build 20050610
MD5: 57b7f3fe9b0615fb157dfe343c2da630
SHA-1: 67beb7f4e5ce3cc8b46b4e3cbf57582733a1888e
SHA-256: be1b941a5d6b86d5a821ce1b93fd586f73ad23e6906f4dc83b275187f4374079
Risk score: 60

Malware Insights

MITRE ATT&CK: T1059.001 (Command and Scripting Interpreter: PowerShell)

The PDF carries a large number of link annotations pointing to external PDF files on a single host, which is exactly what the PDF_SEO_LINK_FARM heuristic flags. The document body is heavily obfuscated and offers no clear textual lure. The pattern is that of a generated SEO/link-farm carrier: the document exists to distribute many links, either to manipulate search ranking or to act as a landing page that routes readers into a further delivery chain. The authoring application string (XEP 4.4 build 20050610, a 2005 build of a server-side XSL-FO formatter) on a document created in 2018 is consistent with automated generation rather than desktop authoring. No scripts (for example JavaScript actions) were extracted from this sample. Caveat on the ATT&CK mapping: nothing in the static result shows a PowerShell payload, so T1059.001 is not supported by the extracted content; the risk rests on what the link destinations serve, not on script execution inside the reader, and a verdict on the delivery chain requires following those URLs in an isolated environment.

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; what matters is the channel that reached it (macro, JavaScript, link annotation, document body, ...). The www.gorillawalker.com entries below are /URI link-annotation targets, which is what the link-farm heuristic counts. The final nine entries (w3.org, purl.org, ns.adobe.com, aiim.org) are XML namespace identifiers from the document's XMP metadata packet, standard XMP and PDF/A namespaces found in ordinary files; they are not navigable links and should be excluded from link counts and from any blocking decision.
    • http://www.gorillawalker.com/knit-your-own-pet-easy-to-follow-patterns-for-beginners.pdf
    • http://www.gorillawalker.com/when-the-stakes-are-too-high.pdf
    • http://www.gorillawalker.com/piano-concerto-no-1-op-1-1919-version-full-score.pdf
    • http://www.gorillawalker.com/inspecting-cylinders.pdf
    • http://www.gorillawalker.com/the-writing-diet-write-yourself-right-size.pdf
    • http://www.gorillawalker.com/sustainable-food-security-in-west-africa.pdf
    • http://www.gorillawalker.com/malaysia-mineral-mining-sector-investment-and-business-guide-world-business.pdf
    • http://www.gorillawalker.com/sticker-style-shop.pdf
    • http://www.gorillawalker.com/i-saw-the-lord-participant-s-guide-a-wake-up.pdf
    • http://www.gorillawalker.com/april-dailies.pdf
    • http://www.gorillawalker.com/ultrametric-calculus-an-introduction-to-p-adic-analysis-cambridge-studies.pdf
    • http://www.gorillawalker.com/les-theatres-d-ombres-chinoises-renseignements-complets-ed-1896-french.pdf
    • http://www.gorillawalker.com/saint-paul-daily-missal-burgundy-leatherflex.pdf
    • http://www.gorillawalker.com/the-profitable-artist-a-handbook-for-all-artists-in-the.pdf
    • http://www.gorillawalker.com/jazz-dance-the-story-of-american-vernacular-dance.pdf
    • http://www.gorillawalker.com/france-forts-citadelles-1-1m-thematic-map-ign-907-traveller.pdf
    • http://www.gorillawalker.com/concerto-for-flute-strings-and-basso-continuo-in-g-major.pdf
    • http://www.gorillawalker.com/dakota-lullaby-for-harp-and-voice.pdf
    • http://www.gorillawalker.com/no-justice-no-peace.pdf
    • http://www.gorillawalker.com/the-land-of-bolivar-or-war-peace-and-adventure-in.pdf
    • http://www.gorillawalker.com/la-republica-oriental-del-uruguay-am-rica-del-sud-en.pdf
    • http://www.gorillawalker.com/smoking-cessation-pipeline-review-q4-2010-download-pdf-digital.pdf
    • http://www.gorillawalker.com/turkish-for-travelers-book-and-audio-cassette-berlitz-cassettepaks.pdf
    • http://www.gorillawalker.com/genetic-algorithms-and-the-optimization-problems-in-graph-theory.pdf
    • http://www.gorillawalker.com/chinese-philosophy-methodology-korean-edition.pdf
    • http://www.gorillawalker.com/the-heroin-addict-s-daughter-thoughts-on-thriving-and-recovering.pdf
    • http://www.gorillawalker.com/aa-road-map-portugal-aa-road-map-spain-portugal.pdf
    • http://www.gorillawalker.com/when-magoo-flew-the-rise-and-fall-of-animation-studio.pdf
    • http://www.gorillawalker.com/hebrew-in-10-minutes-a-day-with-cd-rom.pdf
    • http://www.gorillawalker.com/the-fractal-organization-creating-sustainable-organizations-with-the-viable-system.pdf
    • http://www.gorillawalker.com/personality-guided-therapy-for-posttraumatic-stress-disorder-personality-guided-psychology.pdf
    • http://www.gorillawalker.com/what-mad-pursuit-a-personal-view-of-scientific-discovery.pdf
    • http://www.gorillawalker.com/women-voicing-resistance-discursive-and-narrative-explorations-women-and-psychology.pdf
    • http://www.gorillawalker.com/rain-spell-flute-clarinet-harp-piano-and-vibraphone-playing-score.pdf
    • http://www.gorillawalker.com/syracuse-and-its-surroundings-a-victorian-photo-tour-of-new.pdf
    • http://www.gorillawalker.com/clinical-handbook-of-internal-medicine.pdf
    • http://www.gorillawalker.com/thumper-finds-an-egg-disney-bunnies.pdf
    • http://www.gorillawalker.com/a-midsummer-night-s-dream-calla-editions.pdf
    • http://www.gorillawalker.com/manual-pr-ctico-para-la-realizaci-n-de-planes-de.pdf
    • http://www.gorillawalker.com/george-washington-fun-fact-for-kids-kindle-edition.pdf
    • http://www.gorillawalker.com/malaysia-mineral-mining-sector-investment-and-business-guid
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
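As an added example that is not part of this report or the vendor's scanner, the following Python re-implements the PDF_SEO_LINK_FARM heuristic as described above and keeps link-annotation URLs separate from XMP namespace URIs, the channel distinction the EMBEDDED_URL note asks for. It builds its own uncompressed PDF in memory as constructed input; the thresholds (256 KiB, 20 links, 75 % on one host), the .example hostnames and the regex-based object walk are assumptions, and a production tool would decompress object streams before searching.

```python
"""Added example, not the report's own tooling: a minimal, self-contained
re-implementation of the PDF_SEO_LINK_FARM heuristic described above, run
over a PDF constructed in memory. Thresholds and hostnames are assumptions."""
import re
from collections import Counter
from urllib.parse import urlparse

# /URI action inside a link annotation, literal-string form only. Escaped
# characters are tolerated; hex strings and FlateDecode object streams are
# not handled, a real tool would decompress first (e.g. with pikepdf/pdfminer).
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Namespace declarations inside the XMP metadata stream. These are
# identifiers, not navigable links, and must not feed the link-farm count.
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_.-]+="([^"]+)"')


def build_sample_pdf(link_urls, xmp_namespaces):
    """Construct an uncompressed PDF with one /Link annotation per URL and an
    XMP packet declaring the given namespaces (constructed test input)."""
    annots, objs = [], []
    for i, url in enumerate(link_urls):
        num = 5 + i
        annots.append(f"{num} 0 R")
        objs.append(
            f"{num} 0 obj\n<< /Type /Annot /Subtype /Link "
            f"/Rect [72 {700 - i * 12} 540 {712 - i * 12}] "
            f"/A << /S /URI /URI ({url}) >> >>\nendobj\n"
        )
    ns_attrs = " ".join(f'xmlns:{p}="{ns}"' for p, ns in xmp_namespaces.items())
    xmp = (f'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF {ns_attrs}>'
           "</rdf:RDF></x:xmpmeta>")
    body = (
        "%PDF-1.4\n"
        "1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>\nendobj\n"
        "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
        "3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        f"/Annots [{' '.join(annots)}] >>\nendobj\n"
        f"4 0 obj\n<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
        f"stream\n{xmp}\nendstream\nendobj\n"
        + "".join(objs)
        + "trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    )
    return body.encode("latin-1")


def extract_urls(pdf_bytes):
    """Return (link_annotation_urls, xmp_namespace_uris), each de-duplicated
    in first-seen order; the two channels are kept apart on purpose."""
    links = [m.group(1).decode("latin-1") for m in URI_ACTION_RE.finditer(pdf_bytes)]
    namespaces = [m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf_bytes)]
    return list(dict.fromkeys(links)), list(dict.fromkeys(namespaces))


def link_farm_score(pdf_bytes, max_size=256 * 1024, min_links=20, host_share=0.75):
    """PDF_SEO_LINK_FARM as described in the report: a small file, many
    external links to .pdf resources, most of them on a single host.
    The three thresholds are assumptions, not the vendor's values."""
    links, namespaces = extract_urls(pdf_bytes)
    external_pdf = [
        u for u in links
        if urlparse(u).scheme in ("http", "https")
        and urlparse(u).path.lower().endswith(".pdf")
    ]
    hosts = Counter(urlparse(u).hostname for u in external_pdf)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(external_pdf) if external_pdf else 0.0
    return {
        "size_bytes": len(pdf_bytes),
        "link_annotation_urls": links,
        "external_pdf_links": len(external_pdf),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "xmp_namespace_uris": namespaces,
        "fired": (len(pdf_bytes) <= max_size
                  and len(external_pdf) >= min_links
                  and share >= host_share),
    }


# Constructed inputs: a link-farm carrier and an ordinary document with a
# handful of citations. Hostnames use reserved .example names.
FARM_URLS = [f"http://farm.example/generated-title-{i}.pdf" for i in range(30)]
FARM_URLS += ["http://other.example/one.pdf", "https://ref.example/paper"]
BENIGN_URLS = ["https://doi.example/10.1000/xyz.pdf",
               "https://ref.example/a.pdf", "https://mirror.example/b.pdf"]
XMP_NS = {"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
          "dc": "http://purl.org/dc/elements/1.1/",
          "xmp": "http://ns.adobe.com/xap/1.0/"}

if __name__ == "__main__":
    for name, urls in (("farm", FARM_URLS), ("benign", BENIGN_URLS)):
        r = link_farm_score(build_sample_pdf(urls, XMP_NS))
        print(name, r["fired"], r["external_pdf_links"], r["top_host"],
              r["top_host_share"], len(r["xmp_namespace_uris"]))
```

Running the script scores the constructed farm document as fired (31 external .pdf links, 30 of them on one host) and the three-citation document as not fired, while the Dublin Core, RDF and XMP namespace URIs surface only in the XMP channel. To apply it to a real sample such as the one above, decompress the file first (for example with `qpdf --qdf --object-streams=disable`) so that the /URI actions are visible to the regex.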