Malicious PDF — malware analysis report

Static analysis result for SHA-256 55b9eed93123bfe6…

Verdict: MALICIOUS
File type: PDF
Size: 44.4 KB
Created: 2018-11-30 20:24:46 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.0.0.486)
MD5: 9bbd62990e5d7967cc07b9f2b6478f74
SHA-1: c8939783f6b84489714faa962f7278986dc9982b
SHA-256: 55b9eed93123bfe68457f8245ced2fb26fb5e6b60f90cc37068cad6844efcae7
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, flagged by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or redirection abuse. The ML classifier also rated the document as malicious. Although no scripts were extracted, the sheer volume of links indicates non-standard use of the document format, most likely for SEO manipulation or for indirectly distributing malicious payloads.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8452

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.