Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4d359eff277b55a…

Verdict: MALICIOUS
File type: PDF
Size: 40.3 KB
Created: 2018-11-14 08:38:56 +03:00
Authoring application: Acrobat 5.0 Image Conversion Plug-in for Windows
MD5: 7037208543b36d379734595eaebf018f
SHA-1: 0b6197bcf68497ba14db4377c5b6e86951278cae
SHA-256: e4d359eff277b55aa30cbe08d3dd53eaedb1b45c89f8e4fa791ba36396d006af
Risk score: 68

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute malicious content via these links. The presence of a 'download button' lure further supports the idea of a deceptive workflow. No scripts were extracted, limiting the ability to determine a specific payload or family.

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.