Malicious PDF — malware analysis report

Static analysis result for SHA-256 6e8c32ce9577451e…

MALICIOUS

PDF

Size: 34.7 KB
Created: 2019-11-10 05:17:53 +03:00
Authoring application: calibre 0.9.31 [http://calibre-ebook.com]
MD5: 3fb6441681e7679de354b0cfaf42120a
SHA-1: 6da35cab869a05f806fd50f61383628210ab23ec
SHA-256: 6e8c32ce9577451e3ad6a335f5e39d31db9975b5184f26f98dfc009c10cc1008
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to direct users to a link farm, potentially for SEO manipulation or to host malicious content. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8531

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.