Malicious PDF — malware analysis report

Static analysis result for SHA-256 b5935313df9dff08…

MALICIOUS

PDF

Size: 49.5 KB
Created: 2018-12-07 18:27:17 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 194207bbc644a3b09222017b7aa741d0
SHA-1: 32690b6caa203f33bda46eb44608feb7c1779662
SHA-256: b5935313df9dff082c71852ab354b5f1f5e9b60647e467592b46262f8491dacd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to other PDF files, all hosted on the domain www.gorillawalker.com. This behavior is indicative of a link farm, likely intended for SEO manipulation or to distribute a large volume of content, potentially malicious. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8876

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.