Malicious PDF — malware analysis report

Static analysis result for SHA-256 db1a279ea4e88a4f…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2018-11-14 08:15:39 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: 88db8ee7c342d1019e0eb65c3406dc48
SHA-1: a5b713b488b8b8255cc629c99cfeef59e6194014
SHA-256: db1a279ea4e88a4fa62265cc84a01b4abfb8f233d469228de56c160b9735c21c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, indicating a link farm or redirection strategy. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the distribution of a large number of external links, likely to distribute further malicious content or to manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.