Malicious PDF — malware analysis report

Static analysis result for SHA-256 a1caa4f32240d09b…

MALICIOUS

PDF

Size: 40.8 KB
Created: 2018-11-23 08:08:46 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 2ddbb5e58de40e3b93dfcd85e0f0ea03
SHA-1: 67522004d658836a4cad07c8333c5dae71dad9c5
SHA-256: a1caa4f32240d09b4ca8340a731f0c682be5732886d1429012306806c099c1a9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various book titles hosted on www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged this document as malicious. The embedded URLs are the primary indicators of malicious activity, suggesting a link farm designed to distribute or redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.