Malicious PDF — malware analysis report

Static analysis result for SHA-256 89ed6ccb1dcc8c9b…

Verdict: MALICIOUS
File type: PDF
Size: 33.7 KB
Created: 2019-12-14 04:34:39 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: e6a42b87c9c9934188d7b7d69b6e7a2c
SHA-1: 446b2b68c4e6887435e3ff684e917d14b648a81a
SHA-256: 89ed6ccb1dcc8c9b66addf33f62991428f0411b034f5a5f0fde00094fa47e937
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1598 Gather Victim Identity Information
  • T1204 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute a high volume of content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.