Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ec35c8554530c8a…

MALICIOUS

PDF

Size: 39.1 KB
Created: 2018-11-30 20:30:40 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.0.0.486)
MD5: f8342e1e6aa85a52d64e92bbc1512351
SHA-1: 396d470d037c2fe336b2185f92b7c50cea6832bc
SHA-256: 9ec35c8554530c8a640453f5624b49dacab45c7d3d3b9b353ab344706471c806
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, and the ML classifier also flagged the document as malicious. No scripts were extracted; the detection rests on the sheer volume of links, which suggests malicious intent, possibly SEO manipulation or use of the document as a distribution point for further malicious content. The primary attack pattern is using the PDF to redirect users to external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8901

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.