Malicious PDF — malware analysis report

Static analysis result for SHA-256 d76c6d6c7cf29d13…

Verdict: MALICIOUS

File type: PDF

Size: 46.0 KB
Created: 2018-11-23 08:08:45 +03:00
Authoring application: CorelDRAW X8 (via Corel PDF Engine Version 18.1.0.661)
MD5: 98d4506408e14ba737d74bfb38274af3
SHA-1: 7e3affcea0bdfe91e3169c43b4d16c9eaa2b79e9
SHA-256: d76c6d6c7cf29d132b597ad911fc1774a172b98165a1bafbde9abc00e489a5c1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the 'gorillawalker.com' domain. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a large volume of potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.