Malicious PDF — malware analysis report

Static analysis result for SHA-256 f9782de31f2debb0…

MALICIOUS

PDF

Size: 34.7 KB
Created: 2019-09-08 11:51:56 +03:00
Authoring application: calibre 0.9.8 [http://calibre-ebook.com] (via PoDoFo - http://podofo.sf.net)
MD5: 21cfe33457fcc3dd3da31f24242d7985
SHA-1: 2396b670ccd9b38a3127b655a406d6bf8c98cf8a
SHA-256: f9782de31f2debb0190cdca56848dd94e049809c7d589ba6814f4ee30c78a1de
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8018

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.