Malicious PDF — malware analysis report

Static analysis result for SHA-256 05e9438d3ec8156b…

Verdict: MALICIOUS
File type: PDF

Size: 44.2 KB
Created: 2018-12-14 20:07:06 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 8.0.0 (Windows))
MD5: 1ad098063c784bf63351996ac5ca52d6
SHA-1: 689555f509a46cbab1b0dd2d9b110b3994fd0cb4
SHA-256: 05e9438d3ec8156b0a01d5d158e03e0db85ade1f7e583fb993b708a1dfa9595a
Risk Score: 132

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests an attempt to manipulate search engine results or distribute malicious content via these links. The SE_ADVANCE_FEE_SCAM_LURE heuristic indicates that the document's content is designed to deceive users, likely as part of an advance-fee fraud scheme.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Advance-fee lottery/parcel scam lure (severity: high; ID: SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.