Malicious PDF — malware analysis report

Static analysis result for SHA-256 157cd5bad6bac5c8…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2019-04-11 13:06:21 +03:00
Authoring application: - (via Multivalent Merge)
MD5: 7cd2348e873f23f04e3d84a8c8b3f78e
SHA-1: 5bd3d40501038ee1f52e61003d9457b6198d286f
SHA-256: 157cd5bad6bac5c80c3b4b739be0a1a346fb8c6e3740ba4940699507e2b8360a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF, indicating a link farm of 32 external PDF files, all hosted on 'gorillawalker.com'. This suggests the document's primary purpose is to redirect users to a large number of other documents, likely for SEO spam or to distribute additional malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.