Malicious PDF — malware analysis report

Static analysis result for SHA-256 17d09e7957debbf4…

MALICIOUS

PDF

Size: 40.9 KB
Created: 2018-12-15 20:05:50 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Publisher (via Acrobat Distiller 7.0 (Windows))
MD5: 32401c88abc43401e7b4c8363f2927ea
SHA-1: c1bd2b15d9308a5d5bc935b995f566eedc51014b
SHA-256: 17d09e7957debbf416b2d9942415b7f2b6ade6ab4cb539e9207514734f2ca79c
Risk Score: 132

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample was identified as malicious by an ML classifier and exhibits characteristics of an advance-fee scam lure, including language related to lotteries, prizes, and courier delivery. The PDF contains a large number of external links, many of which point to PDF documents on the same domain, suggesting a link farm intended to manipulate search engine results or distribute further lures.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9027

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Advance-fee lottery/parcel scam lure (severity: high, rule: SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/stuff-on-my-cat-2009-wall-calendar.pdf
    • http://www.gorillawalker.com/the-pilot-s-manual-ground-school-all-the-aeronautical-knowledge.pdf
    • http://www.gorillawalker.com/if-this-is-a-man-arabic.pdf
    • http://www.gorillawalker.com/diary-of-a-unicorn-reawakened.pdf
    • http://www.gorillawalker.com/a-phytochemical-register-of-australian-plants-vol-1-australian-literature.pdf
    • http://www.gorillawalker.com/nanotechnology-in-civil-infrastructure-a-paradigm-shift.pdf
    • http://www.gorillawalker.com/pentecostal-preaching.pdf
    • http://www.gorillawalker.com/cosplay-girls-japan-s-live-animation-heroines-cocoro-books-book.pdf
    • http://www.gorillawalker.com/introduction-to-green-chemistry.pdf
    • http://www.gorillawalker.com/differential-geometry-1972-lecture-notes-lecture-notes-series-volume-5.pdf
    • http://www.gorillawalker.com/catena-aurea-commentary-on-the-gospel-of-st-mark-commentary.pdf
    • http://www.gorillawalker.com/mt-kisavos-ossa-tembi-valley-greece-1-50-000-hiking.pdf
    • http://www.gorillawalker.com/low-frequency-noise-in-advanced-mos-devices-analog-circuits-and.pdf
    • http://www.gorillawalker.com/your-15th-club.pdf
    • http://www.gorillawalker.com/chinese-cooking-recipes-delicious-and-cheap.pdf
    • http://www.gorillawalker.com/the-global-structure-of-visual-space-advanced-series-on-mathematical.pdf
    • http://www.gorillawalker.com/billionaire-s-retreat-titillating-romance-murder-mystery-suspense-thriller.pdf
    • http://www.gorillawalker.com/case-studies-and-causal-inference-an-integrative-framework-research-methods.pdf
    • http://www.gorillawalker.com/foodservice-and-hotel-purchasing.pdf
    • http://www.gorillawalker.com/biorobotics.pdf
    • http://www.gorillawalker.com/sam-chance-a-novel-southwest-life-and-letters.pdf
    • http://www.gorillawalker.com/flight-instructor-instrument-practical-test-standards-for-airplane-and-helicopter.pdf
    • http://www.gorillawalker.com/intellectual-disability-definition-classification-and-systems-of-supports-11th-edition.pdf
    • http://www.gorillawalker.com/electromagnetic-fields-a-summa-book.pdf
    • http://www.gorillawalker.com/the-first-americans-life-in-the-time-of.pdf
    • http://www.gorillawalker.com/forbidden-pleasures-vol-1-forbidden-taboo-bundle.pdf
    • http://www.gorillawalker.com/the-heir-largo-winch-1-v-1.pdf
    • http://www.gorillawalker.com/engaging-in-action-research-a-practical-guide-to-teacher-conducted.pdf
    • http://www.gorillawalker.com/the-body-in-contemporary-art-world-of-art-paperback-common.pdf
    • http://www.gorillawalker.com/inspector-ken-welsh-edition.pdf
    • http://www.gorillawalker.com/artifacts-an-archaeologist-s-year-in-silicon-valley.pdf
    • http://www.gorillawalker.com/amulet-jewelry-change.pdf
    • http://www.gorillawalker.com/share-me-touch-me-tie-me-one-night-with-sole.pdf
    • http://www.gorillawalker.com/the-christmas-cookbook-over-150-festive-recipes.pdf
    • http://www.gorillawalker.com/ave-maria-d-839-arrangement-for-tenor-children-s-chorus.pdf
    • http://www.gorillawalker.com/teach-yourself-baby-massage-and-yoga-teach-yourself-general-reference.pdf
    • http://www.gorillawalker.com/sullivan-s-law-directory-2013-2014-the-illinois-attorney-s.pdf
    • http://www.gorillawalker.com/new-york-state-sales-and-use-tax-law-and-regulations.pdf
    • http://www.gorillawalker.com/the-pilgrimage-of-stephen-harper.pdf
    • http://www.gorillawalker.com/social-work-with-groups-expanding-horizons.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/