Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f9e20c89468778b…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2019-03-18 08:34:32 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: 03cb51678ebfcb1faefdf41cae2c00cc
SHA-1: 2326682b23edfcfed6d6bd566dcffbc369709fb8
SHA-256: 5f9e20c89468778b9a965f2b1e8468893b30cb046b0a472067f0a4bd584ef8e1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a domain hosting numerous PDF documents, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.