Malicious PDF — malware analysis report

Static analysis result for SHA-256 c362fce038d765b1…

MALICIOUS

PDF

File size: 43.6 KB
Created: 2018-12-15 20:54:52 +03:00
Authoring application: calibre 0.9.31 [http://calibre-ebook.com]
MD5: cf998bc7bc6c0583f429e268831a3fa2
SHA-1: 8f7371ea5a5ba97d57fce5318f448c63190a2b92
SHA-256: c362fce038d765b15142bdaefa08bdf40c9c44c9a6a589745b946a51d20b280a

Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or content distribution tactic. The ML classifier also flagged the PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.