Malicious PDF — malware analysis report

Static analysis result for SHA-256 52fdf868718cc8b1…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2020-04-01 04:32:24 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.0.0.486)
MD5: ea736fae9cc25fc381873c1ec458a6ed
SHA-1: 1029cd01a6b97b343a9b56651785d0003f363064
SHA-256: 52fdf868718cc8b1c617f3eb61e026d022255e69df821b66f56ff2de6d855d70
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the PDF as malicious. The primary purpose appears to be directing users to a vast collection of external URLs, likely for SEO spam or to serve as a landing page for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8015

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.