Malicious PDF — malware analysis report

Static analysis result for SHA-256 ce6c0c51e40a3418…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-11-21 20:53:00 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: ea1573a5a13ce7cc54a4cf3d45d36bbc
SHA-1: 705fae25c4b79070526513a8529a4724857aee39
SHA-256: ce6c0c51e40a3418d5e1e3537d2982c8da7bf1e13f6c408c021f17149f7522f3
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to other PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ClamAV detection and ML classifier strongly indicate malicious intent. The primary attack pattern observed is a link farm designed to lure users or search engines to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7305932-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7305932-0
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.