Malicious PDF — malware analysis report

Static analysis result for SHA-256 7f0467573077b9fc…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-11-14 08:15:21 +03:00 (document metadata, unauthenticated)
Authoring application: CorelDRAW X5 (Corel PDF Engine Version 15.1.0.588), as self-reported in the Creator/Producer fields, which an author can set to anything
MD5: df6c5aa8913bff3d5ca6a64677cd010b
SHA-1: 4e96a360007a8f0ff759ae6e91f9fd7bf8f5dec1
SHA-256: 7f0467573077b9fcb7ca972125e31e8ba37dfec0bc8fa766de5e5b9f14ae3819
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link

The Nyx classifier scored the file as malicious (0.8224), and the document carries 41 extracted link-annotation targets (one truncated during extraction), all of them .pdf paths on a single host, www.gorillawalker.com. The paths are unrelated book titles, which is the pattern of a generated SEO link-farm PDF: the file is harmless as a document, and its purpose is to manipulate search results and route anyone who clicks through to further PDFs on the same host and from there into whatever delivery chain that site serves. The remaining extracted URIs are XMP metadata namespace identifiers, not links. No JavaScript, OpenAction or other script content was extracted from this sample, so the risk lies in the link destinations rather than in rendering the file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): small PDF contains a mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): embedded URL information
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels (not reproduced in this extract) record which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-world-of-the-aramaeans-volume-3-studies-in-honour.pdf
    • http://www.gorillawalker.com/three-quarters-two-dimes-and-a-nickel-a-memoir-of.pdf
    • http://www.gorillawalker.com/the-public-financing-of-pharmaceuticals-an-economic-approach.pdf
    • http://www.gorillawalker.com/color-me-manga-graffiti.pdf
    • http://www.gorillawalker.com/exposure-from-president-to-whistleblower-at-olympus.pdf
    • http://www.gorillawalker.com/christmas-celebration-santa-fe-traditions-foods-crafts.pdf
    • http://www.gorillawalker.com/partitions-classique-universal-edition-diverse-vetter-literaturheft-band-1-recorder.pdf
    • http://www.gorillawalker.com/how-to-prune-trees-shrubs-climbers-a-gardener-s-guide.pdf
    • http://www.gorillawalker.com/rann-thanagar-holy-war-vol-1.pdf
    • http://www.gorillawalker.com/house-garden-nation-space-gender-and-ethnicity-in-post-colonial.pdf
    • http://www.gorillawalker.com/icebreakers-infoline-astd.pdf
    • http://www.gorillawalker.com/the-conscious-activist-where-activism-meets-mysticism.pdf
    • http://www.gorillawalker.com/approaches-to-teaching-delillo-s-white-noise-approaches-to-teaching.pdf
    • http://www.gorillawalker.com/glocken-in-sachsen-klang-zwischen-himmel-und-erde-german-edition.pdf
    • http://www.gorillawalker.com/a-practical-guide-to-acu-points.pdf
    • http://www.gorillawalker.com/food-additive-production-license-examiners-syllabus-and-reference-problem-sets.pdf
    • http://www.gorillawalker.com/oil-lightscapes-how-to-draw-paint-art-instruction-program.pdf
    • http://www.gorillawalker.com/rosalind-solomon-chapalingas.pdf
    • http://www.gorillawalker.com/gulliver-s-travels-webster-s-slovenian-thesaurus-edition.pdf
    • http://www.gorillawalker.com/characterization-of-porous-solids-and-powders-surface-area-pore-size.pdf
    • http://www.gorillawalker.com/title-42-public-health-430-481-2011-title-42-public.pdf
    • http://www.gorillawalker.com/whispers-collection-no-1-erotic-short-stories.pdf
    • http://www.gorillawalker.com/ride-through-islam.pdf
    • http://www.gorillawalker.com/glenn-brown.pdf
    • http://www.gorillawalker.com/the-triumph-of-odysseus-homer-s-odyssey-books-21-and.pdf
    • http://www.gorillawalker.com/tell-el-daba-a-viii-the-classification-and-chronology-of.pdf
    • http://www.gorillawalker.com/score-a-better-way-to-do-busine-moving-from-conflict.pdf
    • http://www.gorillawalker.com/the-best-ever-book-of-australian-jokes-lots-and-lots.pdf
    • http://www.gorillawalker.com/three-greek-plays-prometheus-bound-agame.pdf
    • http://www.gorillawalker.com/w-e-b-du-bois-champion-of-civil-rights-african.pdf
    • http://www.gorillawalker.com/the-ern-malley-affair.pdf
    • http://www.gorillawalker.com/the-lemoncholy-life-of-annie-aster.pdf
    • http://www.gorillawalker.com/huangdi-neijing-a-synopsis-with-commentaries-english-and-mandarin-chinese.pdf
    • http://www.gorillawalker.com/cset-physics-exam-secrets-study-guide-cset-test-review-for.pdf
    • http://www.gorillawalker.com/1-corinthians-the-niv-application-commentary.pdf
    • http://www.gorillawalker.com/american-dreams-in-mississippi-consumers-poverty-and-culture-1830-1998.pdf
    • http://www.gorillawalker.com/naming-the-ruins.pdf
    • http://www.gorillawalker.com/romances-em-contos-2-portuguese-edition.pdf
    • http://www.gorillawalker.com/deadly-coast.pdf
    • http://www.gorillawalker.com/rumors-from-the-boys-room-a-blogtastic-novel.pdf
    • http://www.gorillawalker.com/how-to-prune-tr
    The nine URIs below are XMP/RDF schema namespace identifiers from the document's metadata stream (rdf, dc, xmp, pdf, xmpMM and the PDF/A extension schemas), not link annotations, and should not be treated as external links:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
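The two heuristics above describe what a link-farm triage needs to do: pull the clickable /URI targets out of the link annotations, keep them apart from namespace URIs that merely live in the XMP packet, check for script content, and fire when a small file carries many .pdf links clustered on one host. The script below is an added example written for this page, not the analysis platform's own code; the size, link-count and host-share thresholds are this example's assumptions, and the sample PDF it builds (host www.example.invalid) is constructed, not the analysed file. It works on uncompressed objects only, so inflate object streams first (for instance with qpdf's --qdf mode) before pointing it at a real sample.

```python
"""Triage for SEO link-farm PDF carriers (added example, not the report's own
tooling).  Extracts /URI targets from link annotations, separates them from XMP
namespace URIs in the metadata stream, counts pdfid-style script indicators, and
applies a small-file / many-.pdf-links / single-host rule.  Uncompressed objects
only: FlateDecode streams and /ObjStm containers must be inflated beforehand."""
import re
from collections import Counter
from urllib.parse import urlparse

# /URI (literal string) inside a /A << /S /URI /URI (...) >> action dictionary.
# Hex strings and indirect references for the URI value are not handled.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# xmlns:prefix="..." attributes of the XMP packet: schema identifiers, not links.
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_-]+="([^"]+)"')
# Any absolute http(s) URL in the raw bytes, to catch what the two above miss.
ANY_URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")
# Keywords pdfid counts to spot script and auto-action content.
SCRIPT_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")


def _unescape(raw: bytes) -> str:
    # Literal-string escapes \( \) \\ only; octal escapes are left untouched.
    return re.sub(rb"\\(.)", lambda m: m.group(1), raw).decode("latin-1")


def extract_urls(pdf: bytes) -> dict:
    """Group URLs by the channel that reached them, as EMBEDDED_URL labels do:
    link annotation, XMP namespace, or anything else found in the raw bytes."""
    links = [_unescape(m.group(1)) for m in URI_RE.finditer(pdf)]
    namespaces = [m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf)]
    seen = set(links) | set(namespaces)
    other = []
    for m in ANY_URL_RE.finditer(pdf):
        u = m.group(0).decode("latin-1")
        if u not in seen:
            seen.add(u)
            other.append(u)
    return {"link_annotation": links, "xmp_namespace": namespaces, "other": other}


def script_indicators(pdf: bytes) -> dict:
    """Keyword counts; all zero corresponds to 'no scripts were extracted'."""
    return {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", pdf))
            for k in SCRIPT_KEYS}


def link_farm_verdict(pdf: bytes, max_size: int = 200_000, min_links: int = 20,
                      host_share: float = 0.8) -> dict:
    """PDF_SEO_LINK_FARM-style rule.  Thresholds are assumptions of this example:
    a 'small' file with many clickable links to .pdf paths, mostly on one host."""
    links = extract_urls(pdf)["link_annotation"]
    pdf_targets = [u for u in links if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc.lower() for u in pdf_targets)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(pdf_targets) if pdf_targets else 0.0
    fired = (len(pdf) <= max_size and len(pdf_targets) >= min_links
             and share >= host_share)
    return {"fired": fired, "size": len(pdf), "pdf_link_count": len(pdf_targets),
            "top_host": top_host, "top_host_share": round(share, 3),
            "hosts": dict(hosts)}


def build_sample_pdf(n_links: int, host: str = "www.example.invalid") -> bytes:
    """CONSTRUCTED sample: one page with n_links /Link annotations to .pdf paths
    on `host`, plus a minimal XMP metadata stream.  Not the analysed file."""
    annots = " ".join(f"{i} 0 R" for i in range(5, 5 + n_links))
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"></rdf:RDF></x:xmpmeta>')
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [{annots}] >>".encode(),
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp) + xmp + b"\nendstream",
    ]
    for k in range(n_links):  # each annotation is a clickable /URI action
        uri = f"http://{host}/book-title-{k}.pdf"
        objs.append(f"<< /Type /Annot /Subtype /Link /Rect [0 {k} 100 {k + 10}] "
                    f"/A << /S /URI /URI ({uri}) >> >>".encode())
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for i, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref_pos))
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_pdf(40)
    print(link_farm_verdict(sample))
    print({channel: len(urls) for channel, urls in extract_urls(sample).items()})
    print(script_indicators(sample))
```

Run against a real sample, the namespace bucket is where the www.w3.org, purl.org, ns.adobe.com and aiim.org entries from the list above land, so they never count towards the link-farm rule; only /URI targets do. The host-share check matters more than the raw count: a legitimate bibliography also has many links, but they scatter across publishers, whereas a generated carrier points almost everything at one host.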