Malicious PDF — malware analysis report

Static analysis result for SHA-256 f9a3c731c7310c2b…

MALICIOUS

PDF

33.2 KB
Created: 2019-12-13 16:32:01 +03:00
Authoring application: Writer (via OpenOffice.org 3.2)
MD5: 453c1f9d1923d5233659c02f2040adf9
SHA-1: d65621c8d275f90d5bda0aee40c9eb1ff995fe88
SHA-256: f9a3c731c7310c2b0322e8ae5a80d41b28e11f2f866ac926d5227916eb362aec
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file triggered the PDF_SEO_LINK_FARM heuristic, indicating it is designed to host a large number of external links. The document body is heavily obfuscated, but the numerous extracted URLs all point to PDFs on the same domain, suggesting a coordinated effort to distribute content or potentially lure users to malicious sites. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.