Malicious PDF — malware analysis report

Static analysis result for SHA-256 967825b1f495c2bb…

MALICIOUS

PDF

45.4 KB
Created: 2018-11-14 08:38:50 +03:00
Authoring application: calibre 0.9.36 [http://calibre-ebook.com]
MD5: 209b6c6d0e9e8e10243274a8dbe5e5d4
SHA-1: 0940e65544de095c1b34f7f9c496f4e0d7e31bba
SHA-256: 967825b1f495c2bb2df407fdebe781cf4d30eba545ab03f92fa3645a695dc8fd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be the distribution of a large number of links, potentially for SEO manipulation or to serve as a lure for users to download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.