Malicious PDF — malware analysis report

Static analysis result for SHA-256 f18192cfacc7b41e…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2019-03-17 04:17:53 +03:00
Authoring application: BookVirtual Digital Works (via BookVirtual Corp. Patents Pending.)
MD5: 3fd6b9a0ddf15d4d657c2a959f856e17
SHA-1: fa97dc6a59439a4a2255c62bbcd4b7a7021288a9
SHA-256: f18192cfacc7b41eafe04710090e28c6319a6b83cae1431e7d746cb2310636a0
Risk score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute further malicious content. While no scripts were extracted, the sheer volume of links to external PDFs suggests a content-distribution or redirection scheme. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' attack pattern.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.