Malicious PDF — malware analysis report

Static analysis result for SHA-256 a64617fb43bdb9f5…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-23 08:08:04 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: af742a1d16c067b448dbb8ea9b2d4b92
SHA-1: 3a6e7f289743705f9688e33290bef3aea8e14ab6
SHA-256: a64617fb43bdb9f5741773d336268c5f9de51eb5446ccfac47fce1e0dc80c308
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be to host a link farm, likely for SEO manipulation or to redirect users to potentially harmful content hosted on external domains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8843

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.