Malicious PDF — malware analysis report

Static analysis result for SHA-256 f29c4babd676f728…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2018-11-26 08:33:52 +03:00
Authoring application: Acrobat PDFMaker 10.0 for Word (via Adobe PDF Library 10.0)
MD5: 91431d88ba1ab630afaf33b41256663c
SHA-1: 51c4d640bdd2e3c07839e9638385190627c8fa05
SHA-256: f29c4babd676f728ba5e46085f88c66d9012b0d64980f6e9719261594cbb09d9
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' directly identifies this behavior. No scripts were extracted, and the document body was not parsable, limiting the analysis to the link structure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.