Malicious PDF — malware analysis report

Static analysis result for SHA-256 ff52d2a3a4e55020…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2019-02-14 08:13:02 +03:00
Authoring application: calibre 2.23.0 [http://calibre-ebook.com]
MD5: 34f107f228412922c71a8fc56978de47
SHA-1: 67dc66395cea754c57d7e60c6efa87b84bcd4529
SHA-256: ff52d2a3a4e55020dc9ef4c6652da9f213025a4a97f7d1ec35ed97714c004244
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated, preventing a clear understanding of its specific lure, but the presence of numerous links suggests an attempt to drive traffic to a website or distribute more content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.