Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f548e3ab7fe0802…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-30 20:24:52 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: ccfdd72677081f24a4873083fdf8bc28
SHA-1: 218ee486738ecf565859b906b09f2b0e29faa1fd
SHA-256: 3f548e3ab7fe0802780322c6c2c7a521bd60352295aaa24b0f39b0dc7bb89a34
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, indicating a potential link farm or distribution mechanism. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external links, suggesting the document's purpose is to drive traffic or distribute content through these links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.