Malicious PDF — malware analysis report

Static analysis result for SHA-256 70f83ea1866be33a…

MALICIOUS

PDF

42.0 KB
Created: 2018-12-03 17:03:52 +03:00
Authoring application: calibre 0.9.2 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 61e7f194953dd1e2a67914d3227c1509
SHA-1: 2c11550699a30976aee030544cd143714f3c8297
SHA-256: 70f83ea1866be33abb76e8ccd6767706e67490c20d42cae56fcaeaef6fe3e874
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a large number of external PDF documents hosted on the domain 'gorillawalker.com'.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.