Malicious PDF — malware analysis report

Static analysis result for SHA-256 62ae0b61a0a90464…

MALICIOUS

PDF

Size: 46.1 KB
Created: 2018-11-30 20:30:20 +03:00
Authoring application: calibre 0.9.13 [http://calibre-ebook.com]
MD5: 6781a0ae0648588451a1da4b9d42a357
SHA-1: da4160aae13a931b325da52174dfcbe0cafc7739
SHA-256: 62ae0b61a0a90464df3e2e67250aa0492083d2365abbfb4d3123f2f74e302648
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the creation of a link farm, potentially for SEO manipulation or to distribute additional malicious content, rather than direct user interaction within the document itself.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8634)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.