Malicious PDF — malware analysis report

Static analysis result for SHA-256 e51d0836a5021fb9…

MALICIOUS

PDF

42.4 KB
Created: 2019-04-29 11:48:38 +03:00
Authoring application: CorelDRAW X5 (via Corel PDF Engine Version 15.1.0.588)
MD5: 1f4af95c943b9558d3e01170ddf9addb
SHA-1: 1be2a16d782c8889af951e48c95468e4f60fc8ca
SHA-256: e51d0836a5021fb9caceda1f6dbe5baedd9bed2e1b0cedfe3fc568294a6f427b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, specifically a link farm. The majority of the embedded URLs point to PDF files on the domain www.gorillawalker.com. This suggests the document's primary purpose is to redirect users to a large collection of other documents, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.