Malicious PDF — malware analysis report

Static analysis result for SHA-256 e3fa949858545b6a…

MALICIOUS

PDF

Size: 32.5 KB
Created: 2019-05-24 00:42:15 +03:00
Authoring application: calibre 0.9.13 [http://calibre-ebook.com]
MD5: 138254031694e60e55fd81bac96f5692
SHA-1: 921f6cb9b727e30579f4a0ac9df88f89b8d6ee7a
SHA-256: e3fa949858545b6a7ece1f579f667306b27b0ca217bd3464bda335d28ccc1fab
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or use as a landing page for further malicious activity. The document body was not sufficiently parsable to determine a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.