Malicious PDF — malware analysis report

Static analysis result for SHA-256 c16da72a56734352…

MALICIOUS

PDF

Size: 36.5 KB
Created: 2019-08-03 20:42:20 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.0.0.486)
MD5: 261239dc1eb4b407817ce9ba2612fef3
SHA-1: 0540cc6c996cfbda88e68d3a9409f21a0028662a
SHA-256: c16da72a567343522c301746c515de4fdbaabc3cd1463213b5640e9cacf0ce77
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a website hosting numerous PDF files, likely as a form of SEO abuse or to distribute potentially malicious content indirectly.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8196

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.