Malicious PDF — malware analysis report

Static analysis result for SHA-256 5b3098995a3bd136…

MALICIOUS

PDF

Size: 30.5 KB
Created: 2019-05-18 15:14:23 +03:00
Authoring application: Adobe Acrobat 8.1 Combine Files (via Acrobat Distiller 8.1.0 (Windows))
MD5: 3b132fe5b71a1b1d1908f0b530fc09a5
SHA-1: 1eba52c0f1568e43065f8ef91d020f1af61a51d5
SHA-256: 5b3098995a3bd1367a94bbceae3eaa3a0203dfcc83a726a8ff3a1f893ae221de
Risk Score: 112

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated, the presence of numerous links suggests an attempt to manipulate search engine rankings or distribute malicious content. The SE_CALLBACK_LURE heuristic also indicates a potential phishing or scam attempt, though the primary observed behavior is the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8322

Heuristics 3

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Callback phishing phone lure [medium] SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.