Malicious PDF — malware analysis report

Static analysis result for SHA-256 d57f197e7db61fda…

Verdict: MALICIOUS
File type: PDF
Size: 1.68 MB
Created: 2023-09-21 10:21:56 +00:00
Authoring application: calibre (6.8.0) [https://calibre-ebook.com]
First seen: 2026-06-11
MD5: 230440a1ea4be2901fed8086268c90cd
SHA-1: 2abe34c0895d45776a809c2b8fdc78ccc42f0d60
SHA-256: d57f197e7db61fdac37381f9eb759e1e6cac15a1745e1245540d4f45c9d597d3
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier: clean (score 0.1431)

Heuristics (4)

  • SE_PAYMENT_REDIRECT_LURE (severity: high) — Payment redirection / bank-detail change lure
    Document describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions — a high-value business-email-compromise pattern
  • PDF_MANY_STREAMS (severity: medium) — Unusually high stream count
    PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
  • PDF_URI (severity: info) — External URI
    PDF contains an external URL action
  • EMBEDDED_URL (severity: info) — Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_203_off00136176.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x136176 | 77796 bytes
  SHA-256: fd73de98409d9920dca806d1cfbf4331ef3170364d8dec988f74f3910d605a3b
font_00_sfnt_off0007cd55.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7CD55 | 16744 bytes
  SHA-256: a05799fb950109ebd0d38d13564c87e6b895eb23fe4a257b39063d12d038ff3f