Malicious PDF — malware analysis report

Static analysis result for SHA-256 d3abded9b97a930c…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-12-15 21:26:18 +03:00
Authoring application: calibre 0.9.36 [http://calibre-ebook.com]
MD5: 1ee48e23e94135ad5431f81f1fbca079
SHA-1: 892c0cc395ef919b03eb177d6d614624ebfc1291
SHA-256: d3abded9b97a930cb8d6df5048d3271d0b31bb3db2949f0765ea8c9b150e110f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links predominantly point to PDFs hosted on www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The document body was unreadable, but the link farm suggests a tactic to drive traffic to external resources, potentially for SEO manipulation or to serve further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.