Malicious PDF — malware analysis report

Static analysis result for SHA-256 e30fe741331b8cfa…

MALICIOUS

PDF

Size: 45.1 KB
Created: 2018-12-15 20:01:01 +03:00
Authoring application: calibre 0.9.10 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: c50442b26d818738307653a847322cfc
SHA-1: 0d01a8b868e4d4db1f8ad9ba88a3ba22d2048b4d
SHA-256: e30fe741331b8cfa2bfa73730390071b243cfc99523752f65a8614beb3b3ec86
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely intended to manipulate search engine rankings or to serve as a distribution point for further malicious content. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, heuristic PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, heuristic EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.