Malicious PDF — malware analysis report

Static analysis result for SHA-256 047c4dd5ea8a52b7…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2018-11-23 21:03:41 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 91406a1c37467ca96d4450ff5600e240
SHA-1: 73dfd87ef53b8c610c8fb8b951ab363a621d0fdc
SHA-256: 047c4dd5ea8a52b7f674854a4cdc0564fd17fd29275da087e254391a52f0c4d8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the presence of embedded URLs and the nature of the link farm suggest a potential attempt to manipulate search engine rankings or distribute additional malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8822

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.