Malicious PDF — malware analysis report

Static analysis result for SHA-256 f05bf1fcdbc485a3…

MALICIOUS

PDF

Size: 32.9 KB
Created: 2020-02-20 01:27:01 +03:00
Authoring application: BookVirtual Digital Works (via BookVirtual Corp. Patents Pending.)
MD5: 4baf58905d971db5932e020a586ccbde
SHA-1: 4bcde13bb28d3d722be56ac8bfe6e6ee34ab5d68
SHA-256: f05bf1fcdbc485a3767f787f1e15cc8ff7599736f564ec4fc01d28e8d7970810
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF triggers the PDF_SEO_LINK_FARM heuristic, which indicates a large number of embedded external links. The document body is heavily obfuscated and unreadable, but the presence of 32 external links suggests a link farm designed to drive traffic to various websites. No scripts were extracted from this sample.

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.