Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe46fe6e85664f5f…

MALICIOUS

PDF

  • Size: 41.3 KB
  • Created: 2019-04-11 21:02:29 +03:00
  • Authoring application: CorelDRAW X8 (via Corel PDF Engine Version 18.1.0.661)
  • MD5: c980ab2658ebe88e3ed2eacb04366dcd
  • SHA-1: c9b4d7a5b0bf4727633e05a15709613640fbae3d
  • SHA-256: fe46fe6e85664f5f5a043df59b4f5318993994de1ae56735634298ccc8659587
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs likely serve as a lure to redirect users to potentially malicious content or for SEO manipulation purposes. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.