Malicious PDF — malware analysis report

Static analysis result for SHA-256 44a75fcff2699d83…

MALICIOUS

PDF

File size: 44.4 KB
Created: 2018-11-23 21:08:45 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.0.0.486)
MD5: 7708042743e12a5f1cac7fbe72426b93
SHA-1: 100da6e01e9a8bd5a2b251d5dd784345a8779a07
SHA-256: 44a75fcff2699d83a1eec16da4288a286143170eced3318e558fcbedeba97643
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. This suggests the primary purpose is to create a link farm, likely for SEO manipulation or to distribute a large volume of content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific malicious intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.