Malicious PDF — malware analysis report

Static analysis result for SHA-256 f8efdb19eb46a0d7…

Verdict: MALICIOUS
File type: PDF
Size: 43.7 KB
Created: 2019-02-13 19:53:49 +03:00
Authoring application: PFU ScanSnap Manager 4.2.14 (via Adobe PDF Scan Library 2.3)
MD5: afe8739ed7bb6381b945d1a1ba2bbb8e
SHA-1: 5e0706dbb7b6010900cf5cbbde1ad96e29fc09f4
SHA-256: f8efdb19eb46a0d71f3a2917e48a5f3e438cd93f9afdc508903de559bb0ea958
Risk Score: 72

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF matches heuristics for an advance-fee scam, a common lure for financial fraud. The document body, though heavily obfuscated, contains URLs that read like book titles, all on a single host, which suggests a social-engineering pretext rather than a payload. The primary heuristic is a lottery/parcel-delivery lure: the recipient is told a prize or parcel is waiting and is pushed toward paying a fee or sharing financial details to release it.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (3)

  • Advance-fee lottery/parcel scam lure [high] SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape; any one of the three term classes alone is ordinary business wording, so the rule fires only on their co-occurrence.
  • External URI [info] PDF_URI
    PDF contains an external URL action (a /URI action, typically attached to a link annotation). On its own this is informational: legitimate documents carry such links too.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/islanders-in-the-empire-filipino-and-puerto-rican-laborers-in.pdf
    • http://www.gorillawalker.com/four-point-reading-and-writing-1-intermediate-english-for-academic.pdf
    • http://www.gorillawalker.com/broken-eagle-flashpoint.pdf
    • http://www.gorillawalker.com/dexter-by-design-dexter-book-4-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/and-their-memory-was-a-bitter-tree.pdf
    • http://www.gorillawalker.com/portugal-europe-s-best-kept-secret-a-unique-blend-of.pdf
    • http://www.gorillawalker.com/forensic-dna-evidence-interpretation-forensicnetbase.pdf
    • http://www.gorillawalker.com/electricity-for-hvac-video-set-2-cd-rom-components-current.pdf
    • http://www.gorillawalker.com/yahushua-messiah-the-last-adam-his-humanity-according-to-scripture.pdf
    • http://www.gorillawalker.com/supernatural-law-34-the-strange-case-of-mr-negitivity-may.pdf
    • http://www.gorillawalker.com/kidpreneurs-young-entrepreneurs-with-big-ideas.pdf
    • http://www.gorillawalker.com/hosanna-the-story-of-palm-sunday-god-loves-me-god.pdf
    • http://www.gorillawalker.com/the-superhuman-mind-free-the-genius-in-your-brain.pdf
    • http://www.gorillawalker.com/long-man-vintage-contemporaries.pdf
    • http://www.gorillawalker.com/1-corinthians-the-people-s-bible-commentaries.pdf
    • http://www.gorillawalker.com/crossed-rose.pdf
    • http://www.gorillawalker.com/hitchhiking-vampire.pdf
    • http://www.gorillawalker.com/identities-in-crisis-in-iran-politics-culture-and-religion.pdf
    • http://www.gorillawalker.com/basic-algebraic-geometry-springer-study-edition.pdf
    • http://www.gorillawalker.com/victory-at-stalingrad-the-battle-that-changed-history.pdf
    • http://www.gorillawalker.com/handbook-of-differential-entropy.pdf
    • http://www.gorillawalker.com/explorer-s-guide-50-hikes-in-alaska-s-kenai-peninsula.pdf
    • http://www.gorillawalker.com/operation-thunderbolt-flight-139-and-the-raid-on-entebbe-airport.pdf
    • http://www.gorillawalker.com/observational-measurement-of-behavior.pdf
    • http://www.gorillawalker.com/medical-language-focus-on-terminology.pdf
    • http://www.gorillawalker.com/freedom-in-design-the-architecture-of-j-j-pan-partners.pdf
    • http://www.gorillawalker.com/amazing-sharks-i-can-read-book-2.pdf
    • http://www.gorillawalker.com/by-verena-geweniger-pilates-a-teachers-manual-exercises-with-mats.pdf
    • http://www.gorillawalker.com/mimi-tomatito-spanish-edition.pdf
    • http://www.gorillawalker.com/the-conceptual-representation-and-the-measurement-of-psychological-forces.pdf
    • http://www.gorillawalker.com/a-picturesque-tour-of-the-island-of-jamaica-kindle-edition.pdf
    • http://www.gorillawalker.com/le-cordon-bleu-home-collection-soups-le-cordon-bleu-home.pdf
    • http://www.gorillawalker.com/feltlicious-needle-felted-treats-to-make-give.pdf
    • http://www.gorillawalker.com/pain-source-book.pdf
    • http://www.gorillawalker.com/bonnets-and-bugles-series-books-6-10-kindle-edition.pdf
    • http://www.gorillawalker.com/trim-healthy-mama.pdf
    • http://www.gorillawalker.com/the-criminal-mind-a-study-of-communication-between-the-criminal.pdf
    • http://www.gorillawalker.com/money-investing-in-stocks-trading-in-commodities-or-the-time.pdf
    • http://www.gorillawalker.com/second-to-no-one-kindle-edition.pdf
    • http://www.gorillawalker.com/persian-studies-in-north-america-studies-in-honor-of-mohammad.pdf
    The remaining URIs are XML namespace identifiers from the document's XMP metadata packet (RDF syntax, Dublin Core, XMP basic and media-management, Adobe PDF, and the PDF/A extension-schema and identification namespaces). They are schema names, not navigable links; their presence is consistent with the authoring scanner software writing PDF/A identification metadata and carries no signal here:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
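To make the three heuristics above concrete, here is an added example written for this page (it is not the scanner's own code and does not reproduce its rules): a stdlib-only Python triage script that extracts URLs from a PDF and labels each by the channel that carried it (a /URI link action, the inflated page content stream, or an XMP namespace declaration), then applies a co-occurrence check modelled on the SE_ADVANCE_FEE_SCAM_LURE description. The sample PDF, its scam wording, the example.invalid hosts and the term lists are all constructed assumptions.

```python
"""Added example: URL-channel triage for a PDF plus an advance-fee lure check.
Stdlib only. SAMPLE_PDF is constructed inline (hypothetical scam text, example.invalid
hosts) and is not the file analysed in the report above."""
import re
import zlib

# --- constructed sample: one page, a Flate-compressed content stream, a /Link
# annotation carrying a /URI action, and an XMP metadata stream ----------------
BODY = (b"BT /F1 12 Tf 72 700 Td (Congratulations! You are the lucky winner "
        b"and beneficiary of the 2019 international lottery draw. A bank draft "
        b"of US$850,000.00 has been issued in your name. Our courier will "
        b"deliver the parcel once the clearance fee is paid. Catalogue: "
        b"http://www.example.invalid/some-book-title.pdf) Tj ET")
XMP = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
       b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
       b'<rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/"'
       b' xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"><dc:creator>scanner'
       b'</dc:creator><pdfaid:part>1</pdfaid:part></rdf:Description></rdf:RDF>'
       b'</x:xmpmeta>')

def _stream(entries: bytes, data: bytes) -> bytes:
    return b"<< %s /Length %d >>\nstream\n%s\nendstream" % (entries, len(data), data)

def build_pdf(objects):
    """Serialise numbered objects with a correct xref so the sample opens in a viewer."""
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objects) + 1, xref)
    return bytes(out)

SAMPLE_PDF = build_pdf([
    b"<< /Type /Catalog /Pages 2 0 R /Metadata 6 0 R >>",
    b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
    b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots [5 0 R] >>",
    _stream(b"/Filter /FlateDecode", zlib.compress(BODY)),       # compressed, as real files are
    b"<< /Type /Annot /Subtype /Link /Rect [72 680 400 712] "
    b"/A << /S /URI /URI (http://www.example.invalid/landing.pdf) >> >>",  # the PDF_URI channel
    _stream(b"/Type /Metadata /Subtype /XML", XMP),
])

# --- triage ------------------------------------------------------------------
URL_RE = re.compile(rb"https?://[^\s<>\"')\]]+")
STREAM_RE = re.compile(rb"<<([^<>]*)>>\s*stream\r?\n")        # flat stream dicts only
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b")                  # direct /Length only, not "7 0 R"
URI_ACTION_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")  # literal strings; hex <..> not handled
XMLNS_RE = re.compile(rb'xmlns:[\w.-]+="([^"]+)"')
TJ_RE = re.compile(rb"\(([^()]*)\)\s*Tj")                      # naive: no escapes, TJ arrays or encodings

def iter_streams(pdf: bytes):
    """Yield (dict, raw data) per stream; /Length is honoured so binary bodies are skipped, not regex-scanned."""
    pos = 0
    while (m := STREAM_RE.search(pdf, pos)):
        d, lm = m.group(1), LENGTH_RE.search(m.group(1))
        end = m.end() + int(lm.group(1)) if lm else pdf.find(b"endstream", m.end())
        if end < m.end():
            break
        yield d, pdf[m.end():end]
        pos = end

def extract_urls(pdf: bytes):
    """Bucket URLs by the channel that carried them, mirroring the report's per-URL labels."""
    chan = {"link_annotation": [u.decode("latin-1") for u in URI_ACTION_RE.findall(pdf)],
            "xmp_namespace": [], "document_body": [], "other": []}
    text = []
    for d, raw in iter_streams(pdf):
        data = zlib.decompress(raw) if b"/FlateDecode" in d else raw
        if b"/Metadata" in d:   # XMP packet: namespace URIs are schema names, not links
            ns = {u for u in XMLNS_RE.findall(data) if u.startswith(b"http")}
            chan["xmp_namespace"] += sorted(u.decode("latin-1") for u in ns)
            chan["other"] += [u.decode("latin-1") for u in URL_RE.findall(data) if u not in ns]
        else:
            text += [t.decode("latin-1") for t in TJ_RE.findall(data)]
            chan["document_body"] += [u.decode("latin-1") for u in URL_RE.findall(data)]
    return chan, " ".join(text)

LURE_TERMS = {  # the three term classes SE_ADVANCE_FEE_SCAM_LURE describes; word lists are assumed
    "prize": re.compile(r"\b(?:lottery|prize|winner|beneficiary|award)\b", re.I),
    "funds": re.compile(r"(?:bank\s+draft|\bfunds?\b|[A-Z]{0,3}\$\s?\d{1,3}(?:,\d{3})+(?:\.\d{2})?)", re.I),
    "delivery": re.compile(r"\b(?:parcel|courier|consignment|delivery)\b", re.I),
}

def advance_fee_lure(text: str):
    """All three classes must co-occur; any one alone is ordinary business wording."""
    hits = {k: sorted({m.group(0).lower() for m in rx.finditer(text)}) for k, rx in LURE_TERMS.items()}
    return all(hits.values()), hits

def triage(pdf: bytes) -> dict:
    urls, text = extract_urls(pdf)
    lure, hits = advance_fee_lure(text)
    return {"urls": urls, "uri_action": bool(urls["link_annotation"]), "lure": lure, "lure_hits": hits}
```

Running `triage(SAMPLE_PDF)` yields one link-annotation URL, one document-body URL (visible only after the /FlateDecode stream is inflated, which is why grepping the raw file misses it), three XMP namespace URIs kept in their own bucket, and a lure match with hits in all three term classes. The parser is deliberately minimal: it honours only direct /Length values and flat stream dictionaries, reads literal-string /URI values, and pulls text from plain Tj operators, so on real samples it is a first pass ahead of a proper object parser such as pdf-parser.py and a full text extractor.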