Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ea344065d1f805f…

Verdict: MALICIOUS

File type: PDF
Size: 44.4 KB
Created: 2018-11-15 18:31:56 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: e20bfe5b4ea9bf269057cde57a2fdce5
SHA-1: 3edbce847cb2497df5785db864688471024ab4b8
SHA-256: 0ea344065d1f805f077189b6bd191dec71ca62e0c62efd3e3b0fa2f8f8007040
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, likely used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.