Malicious PDF — malware analysis report

Static analysis result for SHA-256 a3ea68c40718018d…

MALICIOUS

PDF

Size: 32.0 KB
Created: 2019-05-18 14:49:47 +03:00
Authoring application: calibre 0.9.8 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: d1974b882d8b5f1366563dfd2391111b
SHA-1: 1d5df8c31547893e9cfaf08baa2554370f834660
SHA-256: a3ea68c40718018d5eba199fe9344493b87ce3f2fab0b54bd81391b5a89792ca
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A link-farm heuristic fired on this PDF, indicating a large number of external links. The embedded URLs point to various PDF files on the domain 'gorillawalker.com'. This suggests the document's primary purpose is to redirect users to a large collection of external resources, likely for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.