Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa3e568c6fadbc6c…

Verdict: MALICIOUS
File type: PDF
Size: 32.6 KB
Created: 2019-11-10 05:16:25 +03:00
Authoring application: Arbortext Publishing Engine (via PDFlib+PDI 8.0.2p1 (Win32))
MD5: 8b08f5162d434c345312be90076f8062
SHA-1: 43cfc4ae90405d9a1b2231e6aca6dbe4fc9e2f02
SHA-256: fa3e568c6fadbc6c1f87b275609eb962a858d57e437f8424551aa65459d30238
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged for containing a large number of external links, which suggests a link farm or a channel for distributing further malicious content. The document body itself is heavily obfuscated and provides no clear textual clues. The primary heuristic fired on a mass of external PDF links, the first of which is http://www.gorillawalker.com/little-cow-finger-puppet-book-little-finger-puppet-board-books.pdf. This suggests the PDF's purpose is to lure users to these external resources.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.