Malicious PDF — malware analysis report

Static analysis result for SHA-256 78f513182e551be9…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2019-03-17 05:20:03 +03:00
Authoring application: calibre 0.9.2 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 4676c122b4e0e04e994a3ecceb5a3416
SHA-1: ea04e659a81fc769b3043ed384ae116a23c91037
SHA-256: 78f513182e551be9d51aa836b8c4a7093256d892862ecff136dd5e32d05a0a18
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The embedded URLs suggest an attempt to redirect the user to a website hosting numerous documents, potentially for SEO manipulation or to serve malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.