Malicious PDF — malware analysis report

Static analysis result for SHA-256 d18de4997f1a0793…

MALICIOUS

PDF

Size: 35.0 KB
Created: 2019-09-02 22:06:45 +03:00
Authoring application: Adobe InDesign CS3 (5.0.2) (via Adobe PDF Library 8.0)
MD5: 510044fd7f7d309e28131c530923b49f
SHA-1: 2b2e5a504b9883af73fda2808f4183c99a713b54
SHA-256: d18de4997f1a079311024f3c978b8ba5362669d0e0f562b27f0924251940431e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file triggers the critical heuristic PDF_SEO_LINK_FARM, which indicates a mass of external links. The document body, though heavily obfuscated, contains numerous URLs pointing to the same domain, suggesting a link farm or SEO spam tactic. The primary intent appears to be directing users to a large number of external resources, potentially for malicious redirection or phishing. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.