Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb97575f18d59782…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-11-15 19:34:53 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 49719e272e41eb7adef15ad9ee544764
SHA-1: bbea91eac8aa6ecd5dded334b60528d88085091a
SHA-256: cb97575f18d59782b3a50e72ca87314b4a349621d34e40dce652249c29eba62f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell

The PDF file exhibits a critical heuristic firing for a large number of external links, suggesting a link farm or SEO manipulation tactic. The embedded URLs point to various PDF documents hosted on the same domain. While no scripts were extracted, the sheer volume of links and the PDF structure indicate a potential attempt to direct users to malicious or deceptive content, possibly as a lure or to distribute further malware. The attack pattern is likely related to SEO poisoning or a phishing pretext using numerous links.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.