Malicious PDF — malware analysis report

Static analysis result for SHA-256 181eff877e26991f…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-23 21:31:53 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 0f4f2ade205b3bedbde79bfce37f9b31
SHA-1: 72e29afa83b0ea67485b8b4052c4e482db641496
SHA-256: 181eff877e26991fc5ebcdad7089e32bc22fe9ee080b63616f4c2ec3b323fa80
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests an attempt to manipulate search engine results or to distribute a large volume of content, potentially malicious, through a link farm. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.