Malicious PDF — malware analysis report

Static analysis result for SHA-256 e33f253c5c35bff0…

MALICIOUS

PDF

45.6 KB
Created: 2018-11-30 20:34:23 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: b5f8870dc26b253c4fbffc5fbaf1f430
SHA-1: 96f8ea6e09cc7f81a4e63e572d2fef341f1f4081
SHA-256: e33f253c5c35bff014e1f52ae5552a58cb0188187edaed11217fd60a65baca02
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample, limiting the ability to determine specific payload delivery mechanisms.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.