Malicious PDF — malware analysis report

Static analysis result for SHA-256 1adc7c41b389d1d8…

MALICIOUS

PDF

File size: 43.7 KB
Created: 2019-02-13 03:31:04 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.0)
MD5: ab11db684f7b3ea4f3b2a92127cd62e3
SHA-1: f31a1dcf4e8fbe70a2cb73141fbb1daaa6615f78
SHA-256: 1adc7c41b389d1d83684c1179c630c368d48c96fa7f5e82a8a65e1b827d27d7c
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file was detected by ClamAV as Pdf.Dropper.Agent-7142686-0 and flagged by an ML classifier as malicious. It contains multiple embedded URLs pointing to PDF files on the same domain, suggesting it acts as a dropper for further malicious content. The presence of these URLs indicates an attempt to redirect the user or download additional payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7142686-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142686-0
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.