Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee8b28480f423c5f…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-02-14 08:12:51 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Mac OS X 10.8.4 Quartz PDFContext)
MD5: 6e8017eb56535926a57845599d272cb9
SHA-1: 78bd986c25c46542d38c75ac71972c9331457d1b
SHA-256: ee8b28480f423c5f452fc4276a064b07a4eba51b65c1025f8ba349cfb7eebe9a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. These links all point to the same domain, suggesting a coordinated effort to manipulate search engine rankings or distribute content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure. The primary attack pattern observed is the distribution of numerous external links.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.