Malicious PDF — malware analysis report

Static analysis result for SHA-256 5cc7e1c62c350c81…

MALICIOUS

PDF

Size: 48.1 KB
Created: 2018-12-28 08:08:55 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: 92c39846d1d3da6fa1adf3e33fc03a7a
SHA-1: 1bc055cb0e8ee35868d5802ad1bf1752381444c5
SHA-256: 5cc7e1c62c350c813932aed640ed3d435dccf3d19217f29b187d9af84af15ed6
Risk Score: 132

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, many of which appear to be book titles, suggesting a link farm for SEO manipulation. The heuristic 'SE_ADVANCE_FEE_SCAM_LURE' strongly indicates the document's content is designed to trick users into paying fees for non-existent prizes or parcels. No scripts were extracted from this sample, and the document body was heavily obfuscated, making it difficult to ascertain the exact lure text.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Advance-fee lottery/parcel scam lure (high; SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.