Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d211e7d9a07e57c…

MALICIOUS

PDF

Size: 41.0 KB
Created: 2019-04-10 12:10:09 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 14e2d5ea786bb285d5f2f34add001658
SHA-1: 80c72d0872cf97727d4e6eef0818d29efd490f4e
SHA-256: 0d211e7d9a07e57c25a1bab5e83dc1178dd20b67270626301f0bfac8d5db26bb
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm, potentially to drive traffic or distribute other malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.