Malicious PDF — malware analysis report

Static analysis result for SHA-256 0df2f41187b51062…

MALICIOUS

PDF

34.5 KB Created: 2020-01-17 19:19:56 +03:00 Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: 1a50c00925d16558d96e2b0adc43b23d SHA-1: 241278356151562e32da5d50da711f5067aa4577 SHA-256: 0df2f41187b5106254f509a092048a2dc1e4e46aa427a8fc1b87a8d199552530
132 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used to inflate search engine rankings or to host malicious content. The heuristic 'SE_ADVANCE_FEE_SCAM_LURE' strongly indicates the document's purpose is to trick users into paying fees for non-existent prizes or parcels. No scripts were extracted from this sample, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-power-of-the-dharma-an-introduction-to-hinduism-and.pdf
    • http://www.gorillawalker.com/ten-must-see-sights-barcelona-kindle-edition.pdf
    • http://www.gorillawalker.com/lost-cities-of-ancient-lemuria-and-the-pacific-the-lost.pdf
    • http://www.gorillawalker.com/evil-agenda-of-the-secret-government.pdf
    • http://www.gorillawalker.com/all-you-need-to-know-about-vitamins-learn-the-great.pdf
    • http://www.gorillawalker.com/the-friendship-pact-kindle-edition.pdf
    • http://www.gorillawalker.com/the-delights-of-vegetarian-cooking.pdf
    • http://www.gorillawalker.com/current-techniques-in-intervention-radiology.pdf
    • http://www.gorillawalker.com/a-treatise-on-the-theory-and-management-of-ulcers-with.pdf
    • http://www.gorillawalker.com/aftershock-protect-yourself-and-profit-in-the-next-global-financial.pdf
    • http://www.gorillawalker.com/sage-spirit-landscape-and-livelihood-in-the-american-west.pdf
    • http://www.gorillawalker.com/grono.pdf
    • http://www.gorillawalker.com/the-inquest-hardscrabble-books-fiction-of-new-england.pdf
    • http://www.gorillawalker.com/nutraceuticals-the-complete-encyclopedia-of-supplements-herbs-vitamins-and-healing.pdf
    • http://www.gorillawalker.com/the-consistency-of-the-continuum-hypothesis.pdf
    • http://www.gorillawalker.com/critical-care-algorithms-oxford-medical-publications.pdf
    • http://www.gorillawalker.com/the-god-who-kneels-a-forty-day-meditation-on-john.pdf
    • http://www.gorillawalker.com/a-history-of-theatre-in-africa.pdf
    • http://www.gorillawalker.com/comunicaci-n-oral-y-escrita-spanish-edition.pdf
    • http://www.gorillawalker.com/potential-of-wind-power-in-kazakhstan-resource-potential-and-environmental.pdf
    • http://www.gorillawalker.com/the-oxford-picture-dictionary-english-russian-edition-the-oxford-picture.pdf
    • http://www.gorillawalker.com/holy-gift-the-true-meaning-of-gold-frankincense-and-myrrh.pdf
    • http://www.gorillawalker.com/historic-haunts-of-long-island-ghosts-and-legends-from-the.pdf
    • http://www.gorillawalker.com/entropy-analysis-an-introduction-to-chemical-thermodynamics.pdf
    • http://www.gorillawalker.com/smarter-backpacking-or-how-every-backpacker-can-apply-lightweight-trekking.pdf
    • http://www.gorillawalker.com/what-to-drink-non-alcoholic-drinks-and-cocktails-served-during.pdf
    • http://www.gorillawalker.com/rebellion-tankborn-trilogy.pdf
    • http://www.gorillawalker.com/die-scheidungspapiere-roman-german-edition.pdf
    • http://www.gorillawalker.com/an-introduction-to-daoist-philosophies.pdf
    • http://www.gorillawalker.com/wow-worship-2014-songbook-green.pdf
    • http://www.gorillawalker.com/owned-by-the-alphas-part-four-a-werewolf-shifter-paranormal.pdf
    • http://www.gorillawalker.com/sacrifice-magic-behind-the-mic-kindle-edition.pdf
    • http://www.gorillawalker.com/charities-a-framework-for-the-future-a-framework-for-the.pdf
    • http://www.gorillawalker.com/the-sacred-prostitute-eternal-aspect-of-the-feminine-studies-in.pdf
    • http://www.gorillawalker.com/thomas-more-on-statesmanship.pdf
    • http://www.gorillawalker.com/under-this-roof-the-white-house-and-the-presidency-21.pdf
    • http://www.gorillawalker.com/from-conflict-to-cooperation-succeed-with-rocco-s-4-r.pdf
    • http://www.gorillawalker.com/how-to-start-a-home-based-online-retail-business-home.pdf
    • http://www.gorillawalker.com/jimmy-the-hand-legends-of-the-riftwar-book-3.pdf
    • http://www.gorillawalker.com/ezra-pound-and-the-symbolist-inheritance-princeton-legacy-library.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.