Malicious PDF — malware analysis report

Static analysis result for SHA-256 08b1c38a2a9802b8…

MALICIOUS

PDF

Size: 32.9 KB
Created: 2020-01-03 01:15:55 +03:00
Authoring application: http://www.helpandmanual.com (via wPDF3 by WPCubed GmbH)
MD5: ee84e23fe2c1a309eaaf66bf1afacf64
SHA-1: c5a0b52062e1fc21dbf089d77fa2e5c04780cfdf
SHA-256: 08b1c38a2a9802b81dce1256b679dbbd8e58383ca5b8935d77fb8e6dc963a7a3
Risk Score: 132

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, and heuristics identified it as a 'PDF_SEO_LINK_FARM' and an 'ADVANCE_FEE_SCAM_LURE'. While no scripts were explicitly extracted, the presence of embedded URLs and the nature of the heuristic firings suggest malicious intent to direct users to potentially harmful or deceptive content, possibly for financial gain or SEO manipulation. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8529)

Heuristics (3)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [high] SE_ADVANCE_FEE_SCAM_LURE: Advance-fee lottery/parcel scam lure
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.