Malicious PDF — malware analysis report

Static analysis result for SHA-256 d40df15a88f2e86a…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2019-03-17 12:31:01 +03:00
Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: ae0ca20c5dc343d3d9add772f1d6d53d
SHA-1: fa5b4caa089023b23dcba18aa51926017acc297a
SHA-256: d40df15a88f2e86aa24a0c4272a52693be1caabc67fd99a959c523fd1965f7a7
Risk Score: 130

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, many of which appear to be SEO-optimized for book titles, suggesting a link farm or content-loading mechanism. The heuristic 'SE_ADVANCE_FEE_SCAM_LURE' strongly indicates the document's purpose is to trick users into paying fees for a non-existent prize or parcel. No scripts were extracted, but the PDF structure itself is designed to host numerous links to external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Advance-fee lottery/parcel scam lure (severity: high, rule: SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.