Malicious PDF — malware analysis report

Static analysis result for SHA-256 92a60f7e8015ad84…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-12-15 08:52:24 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.0.0.486)
MD5: 2a6c4dc55ee49b85aa78c0d4dffe2c76
SHA-1: d6542c82af5f84cfeda92583b8fe080b2b653ef9
SHA-256: 92a60f7e8015ad845daadbb70957341c0e3409846dc9b1038e33cfba572f8530
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, forming a link farm. The primary heuristic indicates this is a PDF SEO link farm, suggesting the document's purpose is to drive traffic to a large collection of other PDFs hosted on the same domain. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.