Malicious PDF — malware analysis report

Static analysis result for SHA-256 c3caac26aca7d320…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-12-02 20:16:40 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: 7072a3f4475703e01ea626a2147c8e5a
SHA-1: 81e5597ed6da780af4da56bd4e77011a1c4d1b19
SHA-256: c3caac26aca7d3206860e3b2365eba56ae9faef39d9696f4984bdda3d1149cc6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The embedded URLs suggest a link farm or SEO manipulation tactic, potentially distributing further malicious content or leading users to phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.