Malicious PDF — malware analysis report

Static analysis result for SHA-256 c12f523d4449ec74…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-11-26 20:06:58 +03:00
Authoring application: - (via Acrobat Distiller 5.0.5 (Windows))
MD5: 48c25d5f1bde7e95183a01cb7734adc3
SHA-1: a205d063ef28607c3930f05299c0f51a27358389
SHA-256: c12f523d4449ec745a530e8e6baeb6292968320cf1147d34f8f023df11a4d7b7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The document body is heavily obfuscated and does not provide clear textual lures. The primary attack pattern observed is the distribution of a link farm, likely intended to direct users to potentially malicious or phishing websites. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.