Malicious PDF — malware analysis report

Static analysis result for SHA-256 68f10835c35156a6…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2020-01-17 19:20:40 +03:00
Authoring application: calibre 0.9.2 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 6f3c30acd7f394b2abcd09b0169b5522
SHA-1: 0f23668b470699c82d505bf95d96d80cf05fac97
SHA-256: 68f10835c35156a697974a6cdae85fcce163a2d17da61129ff14bd096b2078db
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document. The embedded URLs suggest an attempt to manipulate search engine rankings or distribute potentially malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.