Malicious PDF — malware analysis report

Static analysis result for SHA-256 98f73b621d18749a…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2020-03-12 04:25:10 +03:00
Authoring application: Adobe InDesign CS5 (7.0.3) (via Adobe PDF Library 9.9)
MD5: 00147f9ddd333fcd32231be335ecd450
SHA-1: 91d58b445232ebfe2337fe5802b71025a74cf87a
SHA-256: 98f73b621d18749a913c7629c5a5ec4b292e535171c887613784c30e87146fcb
Risk Score: 110

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were extracted, the ML classifier and the presence of numerous links suggest malicious intent, possibly SEO manipulation or redirection of users to phishing or malware sites. The SE_CALLBACK_LURE heuristic also indicates a potential phishing or scam pretext, although the document body itself is heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Callback phishing phone lure [medium] SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.