Malicious PDF — malware analysis report

Static analysis result for SHA-256 edadf9e7d8e17e02…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-04-10 12:10:08 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 71c573d8f1d3b1f78cbc132768b0a201
SHA-1: b9e46816e51d16f10e7f3026555a8400145411cc
SHA-256: edadf9e7d8e17e02bd7c2e09480b6362937d65c7f5e98c4ccf89e496c6262db0
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link

The PDF file triggered the 'PDF_SEO_LINK_FARM' heuristic, which indicates a large number of embedded external links. The document body, though heavily obfuscated, contains references to these external URLs, such as 'http://www.gorillawalker.com/exploring-skin-cancer.pdf'. This suggests the primary purpose is to direct users to a large number of linked PDFs, likely for SEO manipulation or to distribute further malicious content.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.