Malicious PDF — malware analysis report

Static analysis result for SHA-256 20fbabac909fa215…

Verdict: MALICIOUS
File type: PDF
Size: 43.8 KB
Created: 2018-11-15 18:32:18 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: e9419e37f9630c26fc34fb82be0558d3
SHA-1: e1b78f6473fde32224bc701fa63bc2bf9bcdca44
SHA-256: 20fbabac909fa2153d84e824038f36b73bdcee6d8a68291004032ac71e604d39
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and carries an unusually large number of external link annotations, a pattern used for SEO manipulation and for routing users to malicious or unwanted content. The primary heuristic, PDF_SEO_LINK_FARM, counted 32 external links, almost all pointing at www.gorillawalker.com. No scripts (JavaScript or launch actions) were extracted and the page text could not be rendered, so the verdict rests on the link-farm structure rather than on any extracted executable content. A link farm only does harm once a user follows one of its links, so the actionable indicators here are the linked host and paths rather than the document itself: treat the file as a lure and block or monitor the host.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external links to other PDFs, mostly clustered on a single host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, and not the citation pattern of a normal document.
  • EMBEDDED_URL (info): Embedded URLs
    One or more URLs were extracted from the document. A URL by itself is not a detection; the per-URL labels record which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-white-ballets.pdf
    • http://www.gorillawalker.com/clothes-long-ago-learn-abouts.pdf
    • http://www.gorillawalker.com/the-rainbow-and-the-worm-the-physics-of-organisms-kindle.pdf
    • http://www.gorillawalker.com/dirty-game.pdf
    • http://www.gorillawalker.com/linear-analysis-and-representation-theory-dover-books-on-mathematics.pdf
    • http://www.gorillawalker.com/no-one-is-innocent-punk-art-style-revolt.pdf
    • http://www.gorillawalker.com/nfl-rush-zone-guardians-of-the-core-tpb.pdf
    • http://www.gorillawalker.com/reprint-1963-yearbook-mead-high-school-spokane-washington.pdf
    • http://www.gorillawalker.com/the-mars-connection-how-the-red-planet-influences-the-stock.pdf
    • http://www.gorillawalker.com/shifting-the-color-line-race-and-the-american-welfare-state.pdf
    • http://www.gorillawalker.com/mucho-mojo-a-hap-and-leonard-novel-hap-and-leonard.pdf
    • http://www.gorillawalker.com/fiesta-treble-recorder.pdf
    • http://www.gorillawalker.com/basic-united-methodist-beliefs-an-evangelical-view.pdf
    • http://www.gorillawalker.com/foundations-of-macroeconomics-6th-edition.pdf
    • http://www.gorillawalker.com/riding-the-creative-rollercoaster-how-leaders-evoke-creativity-productivity-and.pdf
    • http://www.gorillawalker.com/chrysalis-poems-of-release.pdf
    • http://www.gorillawalker.com/vixi-memoirs-of-a-non-belonger.pdf
    • http://www.gorillawalker.com/song-of-the-silent-harp-the-emerald-ballad.pdf
    • http://www.gorillawalker.com/physicians-healed.pdf
    • http://www.gorillawalker.com/frommer-s-greece-frommer-s-complete-guides.pdf
    • http://www.gorillawalker.com/studyguide-for-financial-accounting-by-wild-john-isbn-9780078025891.pdf
    • http://www.gorillawalker.com/the-anti-emile-reflections-on-the-theory-and-practice-of.pdf
    • http://www.gorillawalker.com/marine-scout-snipers-in-action-special-ops-ii.pdf
    • http://www.gorillawalker.com/psychotropic-drug-directory-2010-the-professionals-pocket-handbook-and-aide.pdf
    • http://www.gorillawalker.com/the-apha-complete-review-for-pharmacy-10th-edition-gourley-apha.pdf
    • http://www.gorillawalker.com/bausteine-der-kindlichen-entwicklung-die-bedeutung-der-integration-der-sinne.pdf
    • http://www.gorillawalker.com/dreams-of-awakening-lucid-dreaming-and-mindfulness-of-dream-and.pdf
    • http://www.gorillawalker.com/balada-when-death-did-not-exist-nor-yet-eternity-part.pdf
    • http://www.gorillawalker.com/building-an-affordable-house-trade-secrets-to-high-value-low.pdf
    • http://www.gorillawalker.com/greece-blue-guides.pdf
    • http://www.gorillawalker.com/diagnosing-and-treating-mental-illness-encyclopedia-of-health.pdf
    • http://www.gorillawalker.com/signs-of-belonging-luther-s-marks-of-the-church-and.pdf
    • http://www.gorillawalker.com/the-yage-letters-redux.pdf
    • http://www.gorillawalker.com/college-algebra-and-trigonometry-seventh-edition-with-enhanced-webassign-access.pdf
    • http://www.gorillawalker.com/how-to-write-a-damn-good-novel-ii-advanced-techniques.pdf
    • http://www.gorillawalker.com/wildwood-wisdom-master-your-talent-for-wilderness-survival-wildwood-wildwood.pdf
    • http://www.gorillawalker.com/divina-comedia-divine-comedy-spanish-edition.pdf
    • http://www.gorillawalker.com/the-baba-yaga-weird-space-book-3.pdf
    • http://www.gorillawalker.com/outlines-of-physical-geology-prepared-from-the-third-edition-of.pdf
    • http://www.gorillawalker.com/the-iliad-abridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/the-mars-connection-how-the-red-plane
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://calibre-ebook.com
    • http://ns.adobe.com/pdf/1.3/
    • http://podofo.sf.net
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    +2 more URL(s)
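The two heuristics above (PDF_SEO_LINK_FARM and the channel-labelled EMBEDDED_URL list) can be reproduced with a small static scanner over the raw bytes of a PDF. The following is an added example written for this page; it is not the code behind the report's detections. It inflates FlateDecode streams so link annotations packed into object streams are still seen, labels every URL by the channel that carried it (link annotation, XMP metadata packet, or plain document body), and then applies a size/count/host-clustering rule. The thresholds are assumptions, and the sample PDF it scans is constructed in the block (the host name mirrors the report; the paths do not). Note that the namespace URIs at the tail of the list above (w3.org, purl.org, ns.adobe.com, aiim.org) are standard XMP metadata boilerplate, which is why the scanner separates that channel from clickable links before counting.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Thresholds are illustrative assumptions, not the tuned values behind the
# report's PDF_SEO_LINK_FARM heuristic.
MAX_SIZE_BYTES = 200 * 1024      # "small PDF"
MIN_EXTERNAL_LINKS = 20          # "many clickable external links"
MIN_TOP_HOST_SHARE = 0.8         # "mostly clustered on one host"

URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")         # /A << /S /URI /URI (...) >>
HTTP_RE = re.compile(rb"https?://[^\s<>\"'()\[\]]+")       # any http(s) string
XMP_RE = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.S)   # XMP metadata packet
JS_RE = re.compile(rb"/JavaScript\b|/JS\b")                # script action markers
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\n?endstream", re.S)


def _content_chunks(data):
    """Yield the raw file, then the inflated body of every FlateDecode stream,
    so annotations packed into compressed object streams are not missed."""
    yield data
    for m in STREAM_RE.finditer(data):
        head = data[data.rfind(b" obj", 0, m.start()):m.start()]  # stream dictionary
        if b"/FlateDecode" in head:
            try:
                yield zlib.decompressobj().decompress(m.group(1))
            except zlib.error:
                continue  # corrupt or multi-filter stream: skip, do not crash


def extract_urls(chunks):
    """Map each URL to the set of channels that carried it."""
    found = {}

    def tag(url, channel):
        found.setdefault(url.decode("latin-1"), set()).add(channel)

    for chunk in chunks:
        for m in URI_ACTION_RE.finditer(chunk):      # clickable link annotations
            tag(m.group(1), "link_annotation")
        for packet in XMP_RE.findall(chunk):         # namespace URIs, producer tags
            for u in HTTP_RE.findall(packet):
                tag(u, "xmp_metadata")
    for chunk in chunks:                             # leftovers: plain page text etc.
        for u in HTTP_RE.findall(chunk):
            if u.decode("latin-1") not in found:
                tag(u, "document_body")
    return found


def analyze(data):
    """Run the link-farm heuristic and return its evidence whether or not it fires."""
    chunks = list(_content_chunks(data))
    urls = extract_urls(chunks)
    links = [u for u, ch in urls.items() if "link_annotation" in ch]
    hosts = Counter(urlparse(u).hostname or "" for u in links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(links) if links else 0.0
    fired = (len(data) <= MAX_SIZE_BYTES
             and len(links) >= MIN_EXTERNAL_LINKS
             and share >= MIN_TOP_HOST_SHARE)
    return {"PDF_SEO_LINK_FARM": fired, "size": len(data),
            "external_links": len(links), "top_host": top_host,
            "top_host_share": round(share, 3),
            "has_javascript": any(JS_RE.search(c) for c in chunks),
            "urls": urls}


def build_sample_pdf(n_links, host=b"www.gorillawalker.com"):
    """Constructed toy PDF (not the analyzed sample): n link annotations to `host`
    packed in a FlateDecode object stream, an XMP packet with the usual namespace
    URIs, and one URL sitting in plain page text."""
    annots = b"".join(
        b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        b"/A << /S /URI /URI (http://%s/book-%d.pdf) >> >> endobj\n" % (10 + i, host, i)
        for i in range(n_links))
    packed = zlib.compress(annots)
    xmp = (b"<x:xmpmeta xmlns:x='adobe:ns:meta/'><rdf:RDF "
           b"xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#' "
           b"xmlns:dc='http://purl.org/dc/elements/1.1/' xmlns:pdf='http://ns.adobe.com/pdf/1.3/'>"
           b"<rdf:Description pdf:Producer='calibre 0.9.10 [http://calibre-ebook.com]'/>"
           b"</rdf:RDF></x:xmpmeta>")
    text = b"BT /F1 12 Tf 20 700 Td (See http://example.invalid/body-text) Tj ET"
    refs = b" ".join(b"%d 0 R" % (10 + i) for i in range(n_links))
    return b"".join([
        b"%PDF-1.5\n1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 6 0 R /Annots [" + refs + b"] >> endobj\n",
        b"4 0 obj << /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp),
        xmp, b"\nendstream\nendobj\n",
        b"5 0 obj << /Type /ObjStm /N %d /Filter /FlateDecode /Length %d >>\nstream\n"
        % (n_links, len(packed)), packed, b"\nendstream\nendobj\n",
        b"6 0 obj << /Length %d >>\nstream\n" % len(text), text, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n"])


if __name__ == "__main__":
    report = analyze(build_sample_pdf(32))
    for key, value in report.items():
        if key != "urls":
            print(f"{key}: {value}")
    for url, channels in sorted(report["urls"].items()):
        print(f"  {', '.join(sorted(channels)):<16} {url}")
```

The channel split is what keeps the count honest: without it the four XMP namespace URIs and the producer link would inflate the external-link total, and a document that merely cites a URL in its text would be scored like one that wires every page to a click-through. The inflation step matters for the same reason in the other direction; a scanner that only greps the raw file will report zero link annotations for a PDF whose annotation objects live in a compressed object stream.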