Malicious PDF — malware analysis report

Static analysis result for SHA-256 e9ec28312d05b939…

MALICIOUS

PDF

31.0 KB Created: 2020-01-10 17:21:05 +03:00 Authoring application: Adobe Acrobat Pro 11.0.0
MD5: 4fd4a3b106aa6c92e757537f9c361523 SHA-1: ef23869996eff61f2bd4fa0aeb957acc88c81d13 SHA-256: e9ec28312d05b93967da492a8673f2ca72cdb72c8c28b4ae204c9a9de9c48ac2
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The document body is heavily obfuscated and does not provide clear textual lures. The primary attack pattern observed is the mass linking to external domains, suggesting a potential SEO manipulation scheme or a distribution point for further malicious content. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/holomorphic-dynamics-and-renormalization-fields-institute-communications.pdf
    • http://www.gorillawalker.com/create-your-own-kidney-diet-plan-build-a-meal-pattern.pdf
    • http://www.gorillawalker.com/contemporary-north-american-film-directors-a-wallflower-critical-guide-the.pdf
    • http://www.gorillawalker.com/collins-ireland-touring-map-collins-travel-guides.pdf
    • http://www.gorillawalker.com/the-cambridge-companion-to-kate-chopin-cambridge-companions-to-literature.pdf
    • http://www.gorillawalker.com/fretboard-roadmaps-for-slide-guitar.pdf
    • http://www.gorillawalker.com/anglican-religious-life-2015-16-a-yearbook-of-religious-orders.pdf
    • http://www.gorillawalker.com/what-do-lawyers-do-an-ethnography-of-a-corporate-law.pdf
    • http://www.gorillawalker.com/cup-104-years-of-davis-cup-tennis.pdf
    • http://www.gorillawalker.com/the-last-roulette-secret-forget-the-dealer.pdf
    • http://www.gorillawalker.com/joint-9th-ifsa-world-congress-and-20th-nafips-international-conference.pdf
    • http://www.gorillawalker.com/not-man-apart-photographs-of-the-big-sur-coast.pdf
    • http://www.gorillawalker.com/power-system-control-and-stability.pdf
    • http://www.gorillawalker.com/your-words-hold-a-miracle-the-power-of-speaking-god.pdf
    • http://www.gorillawalker.com/black-woman-white-cop-interracial-bwwm-uniform-worship-erotica.pdf
    • http://www.gorillawalker.com/the-all-music-book-of-hit-singles-all-music-guides.pdf
    • http://www.gorillawalker.com/longchen-nyingthig-chod-practice-sound-of-dakini-laughter-by-jigme.pdf
    • http://www.gorillawalker.com/go-greenie-are-you-eating-something-green-36-color-and.pdf
    • http://www.gorillawalker.com/patton-at-bay-the-lorraine-campaign-1944.pdf
    • http://www.gorillawalker.com/how-to-make-it-big-as-a-consultant-3rd-05.pdf
    • http://www.gorillawalker.com/ghost-in-the-house.pdf
    • http://www.gorillawalker.com/algonquin.pdf
    • http://www.gorillawalker.com/when-their-world-falls-apart-helping-families-and-children-manage.pdf
    • http://www.gorillawalker.com/the-maps-of-tolkien-s-middle-earth.pdf
    • http://www.gorillawalker.com/robinson-crusoe-study-guide-timeless-timeless-classics.pdf
    • http://www.gorillawalker.com/hickory-dickory-dock-the-literacy-tower.pdf
    • http://www.gorillawalker.com/welcoming-community-diversity-that-works-living-church.pdf
    • http://www.gorillawalker.com/the-piano-lesson.pdf
    • http://www.gorillawalker.com/kasumi-2.pdf
    • http://www.gorillawalker.com/electrodiagnostic-medicine-2e.pdf
    • http://www.gorillawalker.com/coconut-s-joke-book.pdf
    • http://www.gorillawalker.com/ferrari-25-years-of-calendar-images-by-teneues-publishing-group.pdf
    • http://www.gorillawalker.com/stop-hurting-start-living-again-after-you-ve-left-your.pdf
    • http://www.gorillawalker.com/das-brotbackbuch-brot-selber-backen-im-brotbackautomaten-50-rezepte-f.pdf
    • http://www.gorillawalker.com/the-a-to-z-of-anti-aging-foods-the-a.pdf
    • http://www.gorillawalker.com/longman-dictionary-of-phrasal-verbs.pdf
    • http://www.gorillawalker.com/medicine-magic-or-miracle-issues-for-the-nineties.pdf
    • http://www.gorillawalker.com/do-cows-meow-a-lift-the-flap-book-board-book.pdf
    • http://www.gorillawalker.com/tyranids-warhammer-40-000-codex.pdf
    • http://www.gorillawalker.com/i-ching-spanish-edition.pdf
    • http://www.gorillawalker.com/the-last-roulette-secret-forget-the
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.