Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8cb74adf7912eed…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-15 19:34:46 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.1.0.588)
MD5: dd08437358fb6694970cb491961aadc2
SHA-1: 3c4fc962e120436dff90aedccd40bc576fdf3ed6
SHA-256: c8cb74adf7912eede6947fa79d1be1301201ae081995caa128e61e8d1365e175
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external links within the document, suggesting a link farm or a method to distribute malicious content. The primary attack pattern involves leveraging these links, potentially for SEO manipulation or to redirect users to harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.