Malicious PDF — malware analysis report

Static analysis result for SHA-256 33d4f9529cdbe796…

MALICIOUS

PDF

  • Size: 41.5 KB
  • Created: 2018-12-15 20:05:33 +03:00
  • Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
  • MD5: 0aa392b211d1236663805b68cd8f5838
  • SHA-1: e7b17cd0ba24b2ce769072a1145febe834b055ec
  • SHA-256: 33d4f9529cdbe796a4ded9f6daa8aa90c0f365d6d557705bdfcbefd778e35446
  • Risk Score: 110

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the same domain. This suggests a link farm or distribution mechanism. The SE_CALLBACK_LURE heuristic indicates a potential phishing or scam pretext, although no specific text was extracted to confirm this. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Callback phishing phone lure (severity: medium, ID: SE_CALLBACK_LURE)
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.