Malicious PDF — malware analysis report

Static analysis result for SHA-256 e75be5797f31c4bf…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-26 20:03:29 +03:00
Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 69e909e8b9c4a65cca68fec299f3fd67
SHA-1: b4b3a4ff3cfd09e68a744dedfc0264d90887754e
SHA-256: e75be5797f31c4bfdfd920cc3d501de2250ec8b6ab2c2190dbe69a5ce3e16bca
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

A heuristic fired on the large number of external links in this PDF, suggesting a link farm or SEO manipulation tactic. The embedded URLs point to various PDF files on the same domain, indicating a coordinated effort to redirect users. No scripts were extracted, which limits the ability to determine malicious intent beyond the link distribution.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.