Malicious PDF — malware analysis report

Static analysis result for SHA-256 caa265fb1c777ca3…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2018-12-11 20:45:26 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: c7177b7024aff34c03f84f3294b67fd8
SHA-1: e7367db753e3b2ac457c4ea08ae50a66184e97c4
SHA-256: caa265fb1c777ca30ce33e1af341843941eb8f40824e7284be99f9ee0397c3af
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. The heuristic specifically identified a 'PDF_SEO_LINK_FARM' with 32 external PDF links, primarily pointing to URLs on 'gorillawalker.com'. This suggests the document's primary purpose is to redirect users to a vast collection of other PDFs, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.