Malicious PDF — malware analysis report

Static analysis result for SHA-256 f72d0385b7281b4d…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2019-04-06 10:14:37 +03:00
Authoring application: calibre 0.9.36 [http://calibre-ebook.com]
MD5: adcfa09e4a2f1659aabafb05ff0e995b
SHA-1: 02e86817ad4fdafc987bdbfa25e7a995f1bc71d3
SHA-256: f72d0385b7281b4d5d16dfd25c7f5e1eced8724454edf541f2b4b5c894a5de21
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or hosting a link farm, rather than direct payload delivery within this document. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.