Malicious PDF — malware analysis report

Static analysis result for SHA-256 da5743f1563f5b29…

MALICIOUS

PDF

Size: 35.2 KB
Created: 2020-02-20 04:52:18 +03:00
Authoring application: - (via Acrobat Distiller 7.0.5 (Windows))
MD5: 8324893be489fc27ff07b8129de4ca0b
SHA-1: 5af9b6dd4493c9f9ec2895184652ec815ed00089
SHA-256: da5743f1563f5b293400e9e20b77049109f446fefa9ae2a2adb2ee681d578dd7
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on a large link farm in the PDF: links to numerous external PDF files, all hosted on the same domain. This suggests a tactic to manipulate search engine results or to distribute a large volume of potentially malicious content. No scripts were extracted, and the document body was heavily obfuscated, which limited further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.