Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe633f89611e7438…

Verdict: MALICIOUS
File type: PDF

Size: 43.6 KB
Created: 2018-12-14 20:02:40 +03:00
Authoring application: - (via Acrobat Web Capture 5.0)
MD5: 8026653d5d67e439c6b260e223f9066e
SHA-1: 9387aaf7e23fb7cc5a50f4ca435ac50eb8117b2e
SHA-256: fe633f89611e74389cdd9f655c349b80f90370048d5878fdc09665690884a4d7
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically flags this behavior, indicating a mass external link farm. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.