Malicious PDF — malware analysis report

Static analysis result for SHA-256 f58576227d5eb023…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-12-02 10:56:10 +03:00
Authoring application: - (via PDFlib Personalization Server 5.0.1 (COM/Win32) unlicensed)
MD5: 8370ade84fa480defe646dabb2210a2f
SHA-1: 4713e8156a6ccc0c8405ec782407b860d07c2841
SHA-256: f58576227d5eb023df5bff2234325311e3a8713e8c23cc45a66aeaf44a25a37e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell

The PDF triggered the 'PDF_SEO_LINK_FARM' heuristic, which indicates a large number of embedded external links. The document body is heavily obfuscated and unreadable, but the numerous links to seemingly unrelated PDF files suggest a tactic to manipulate search engine results or to serve as a distribution point for other malicious content. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.