Malicious PDF — malware analysis report

Static analysis result for SHA-256 19ecd0958a4ae114…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2019-03-16 19:41:17 +03:00
Authoring application: calibre 0.9.13 [http://calibre-ebook.com]
MD5: d6ed74d803186f5d5b7612b3b446452b
SHA-1: b5203691966180f1ea7fa540d82c466736f4aef3
SHA-256: 19ecd0958a4ae11451627fbf40b1f96531c85b51f7bd33190299c4d5d8fd62cd
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm, potentially to direct users to malicious sites or to manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9526

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.