Malicious PDF — malware analysis report

Static analysis result for SHA-256 27eabd473e1c1028…

MALICIOUS

PDF

File size: 42.5 KB
Created: 2018-11-26 20:06:52 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: c4c0b102f5e82ce8934b87904148e46f
SHA-1: aa5a8f6b9b6bab50845bca172c066e8e451116b6
SHA-256: 27eabd473e1c102806c4d5302568f1ea2b9c85aafde4025c37c1c90f69611a4b
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, all hosted on the same domain. This behavior is indicative of a link farm or a redirection scheme designed to drive traffic to a specific site. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.