Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba51e99e45c22f98…

MALICIOUS

PDF

Size: 34.0 KB
Created: 2020-03-12 17:17:29 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.0.0.486)
MD5: 1fa5877443726e1faa7f4b5e899f0b42
SHA-1: f64bab5ac2bee06bc184d5f030cd037f2ea7b48b
SHA-256: ba51e99e45c22f9880886b15552efd4583718e06b8f44c132665814b258d21b1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, specifically pointing to PDF files on the domain 'gorillawalker.com'. The ML classifier also indicated a high probability of maliciousness. The document body contains numerous embedded URLs, all leading to PDF files on the same domain, suggesting a link farm or redirection scheme designed to lead users to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-ghost-next-door-goosebumps.pdf
    • http://www.gorillawalker.com/fireflies-selected-haiku-1975-85-new-poets-series.pdf
    • http://www.gorillawalker.com/you-are-a-powerful-creator-my-little-one-creating-happiness.pdf
    • http://www.gorillawalker.com/rivers-earth-in-danger.pdf
    • http://www.gorillawalker.com/mickey-cohen-the-life-and-crimes-of-l-a-s.pdf
    • http://www.gorillawalker.com/the-field-guide-to-human-error-investigations.pdf
    • http://www.gorillawalker.com/the-modern-temper-american-culture-and-society-in-the-1920s.pdf
    • http://www.gorillawalker.com/a-companion-to-the-hellenistic-world.pdf
    • http://www.gorillawalker.com/reviewing-qualitative-research-in-the-social-sciences.pdf
    • http://www.gorillawalker.com/study-guide-for-1z0-497-oracle-database-12c-essentials-oracle.pdf
    • http://www.gorillawalker.com/the-betrayal-of-god-ideological-conflict-in-job-literary-currents.pdf
    • http://www.gorillawalker.com/developing-responsive-web-applications-with-ajax-and-jquery.pdf
    • http://www.gorillawalker.com/greedy-zebra-african-animal-tales.pdf
    • http://www.gorillawalker.com/the-life-of-david-as-reflected-in-his-psalms.pdf
    • http://www.gorillawalker.com/31-no-foo-foo-chicken-recipes-delicious-family-friendly-chicken.pdf
    • http://www.gorillawalker.com/professional-symbian-programming-mobile-solutions-on-the-epoc-platform.pdf
    • http://www.gorillawalker.com/the-journey-home-how-jewish-women-shaped-modern-america.pdf
    • http://www.gorillawalker.com/business-image-design.pdf
    • http://www.gorillawalker.com/federalism-and-subsidiarity-nomos-lv-nomos-american-society-for-political.pdf
    • http://www.gorillawalker.com/bimwili-and-the-zimwi-my-bear-books.pdf
    • http://www.gorillawalker.com/supertiming-the-unique-elliott-wave-system-keys-to-anticipating-impending.pdf
    • http://www.gorillawalker.com/cognition-epistemological-inquiry-philosophy.pdf
    • http://www.gorillawalker.com/principles-of-fasting-the-only-introduction-you-ll-ever-need.pdf
    • http://www.gorillawalker.com/handbook-of-chemical-microscopy-v-2.pdf
    • http://www.gorillawalker.com/dc-superman-the-animated-series-guide.pdf
    • http://www.gorillawalker.com/natural-medicine-for-arthritis-the-dell-natural-medicine-library.pdf
    • http://www.gorillawalker.com/the-path-of-a-christian-witch.pdf
    • http://www.gorillawalker.com/let-s-go-the-budget-guide-to-greece-and-turkey.pdf
    • http://www.gorillawalker.com/new-combinations-of-treatment-options-for-psoriasis-an-article-from.pdf
    • http://www.gorillawalker.com/teach-me-russian-paperback-and-audio-cd-a-musical-journey.pdf
    • http://www.gorillawalker.com/soldiers-three.pdf
    • http://www.gorillawalker.com/the-solitude-of-emperors.pdf
    • http://www.gorillawalker.com/ziska.pdf
    • http://www.gorillawalker.com/suite-from-carmen-score-parts-stringsets-music-for-string-ensemble.pdf
    • http://www.gorillawalker.com/the-house-that-jack-built-pb-w-cd.pdf
    • http://www.gorillawalker.com/plato-apology-hispanic-classics-medieval-ancient-greek-edition.pdf
    • http://www.gorillawalker.com/daily-telegraph-cryptic-crosswords-61-no-61.pdf
    • http://www.gorillawalker.com/the-wife-gets-aroused-five-sexy-wife-erotica-stories.pdf
    • http://www.gorillawalker.com/financial-modeling-for-options-futures-and-derivatives.pdf
    • http://www.gorillawalker.com/color-atlas-of-avian-anatomy.pdf
    • http://www.gorillawal
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/