Malicious PDF — malware analysis report

Static analysis result for SHA-256 05cebf355f0bce99…

MALICIOUS

PDF

35.9 KB
Created: 2019-12-13 19:48:12 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.40.9)
MD5: fd4be2e6c0c1d981d04c931edeca7ed5
SHA-1: a9269d34028b3769c91cf22f0dba4212fcbc1e0c
SHA-256: 05cebf355f0bce9916ddb56124b06997469cb07351b6fd9e2b659114788cc7d5
Risk Score: 112

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of external links, many of which appear to be book titles, suggesting a link farm or SEO manipulation tactic. The 'SE_CALLBACK_LURE' heuristic indicates the document is designed to prompt users to call a phone number, consistent with callback phishing or tech-support scams. Although no scripts were explicitly extracted, the PDF structure and embedded links are indicative of malicious intent, likely to direct users to malicious websites or engage them in a scam.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8218

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Callback phishing phone lure (severity: medium, rule: SE_CALLBACK_LURE)
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.