Malicious PDF — malware analysis report

Static analysis result for SHA-256 65b9c6bc53f019a1…

MALICIOUS

PDF

34.1 KB
Created: 2019-11-23 19:52:25 +03:00
Authoring application: calibre 0.9.8 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 213cab46b15ef05bf0c0cd732fd5e541
SHA-1: 202348ea2f54ac83557367f6c2a880563804a289
SHA-256: 65b9c6bc53f019a10d01aec65c60141c38ae4e7a0325729a68283c0e844d1ee5
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute a payload. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.