Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0e5a2ac32701993…

MALICIOUS

PDF

42.5 KB
Created: 2018-11-26 20:03:32 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.1.0.588)
MD5: bae43be4ccbf88d7a2566b9125a45238
SHA-1: d7ce309db2eba6fead6e6cbbdd1b16499b61096a
SHA-256: d0e5a2ac3270199346592d203545e03cf135c9e0775ab27efd9d6d2f33a4f69a
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of embedded external links, suggesting a link farm or SEO manipulation tactic. The specific content of the links points to various book titles, but the sheer volume and the heuristic firing indicate a non-standard use of the PDF format. No scripts were extracted, and the document body was unreadable, limiting further analysis of intent.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.