Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2d413a22d07dc96…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2020-02-08 18:26:48 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: 81f237151728c9a06332680a6dfa302e
SHA-1: 66908e595e1a645c227cfda205fcf1b96c1b58c6
SHA-256: c2d413a22d07dc96c0f6677198d90909c164da0e5cb3f429e213c66e25c1ee72
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, all hosted on the same domain. This is indicative of a link farm or SEO manipulation tactic. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure. The primary attack pattern observed is the mass distribution of external links.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.