Malicious PDF — malware analysis report

Static analysis result for SHA-256 1d314d0361c13a98…

Verdict: MALICIOUS
File type: PDF
Size: 14.2 KB
Created: 2019-05-01 17:42:56 +01:00
Authoring application: mPDF 5.7
MD5: ad355b5b58cee766d7c846a9b176867b
SHA-1: 722d32e5a53dcf36227776f8a92761a345961c34
SHA-256: 1d314d0361c13a9825b87b4bd38db1c79f3faf9a8165337f5346acc63bfa8801
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

This PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a dropper. The document contains multiple embedded links that redirect to external URLs hosted on kiteeearpdf.myhome.cx. These URLs are likely used to download and execute a second-stage payload. The presence of these links and the dropper detection strongly indicate a malicious intent to compromise the user's system.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9200

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-9571761-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9571761-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://kiteeearpdf.myhome.cx/1f210f217f215f214f219f216/Hold-Tight-For-You-2-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/2f218f214f216f217f212/Hold-on-Tight-Hold-Trilogy-3-by-Stephanie-Tyler.pdf
    • http://kiteeearpdf.myhome.cx/2f219f219f210f210f210/Hold-Tight-by-Christopher-Bram.pdf
    • http://kiteeearpdf.myhome.cx/4f212f219f210f215f217/Hold-On-Tight-Insiders-5-by-J-Minter.pdf
    • http://kiteeearpdf.myhome.cx/7f216f210f212f217f211/Hold-Tight-by-John-Prater.pdf
    • http://kiteeearpdf.myhome.cx/4f219f212f216f217f211/Hold-on-Tight-Sea-Breeze-8-by-Abbi-Glines.pdf
    • http://kiteeearpdf.myhome.cx/1f215f217f211f217f215/Hold-Tight-by-Felicity-Fair-Thompson.pdf
    • http://kiteeearpdf.myhome.cx/1f210f211f217f210f210/Hold-Tight-the-Thread-by-Jane-Kirkpatrick.pdf
    • http://kiteeearpdf.myhome.cx/1f219f215f215f210f211/Hold-Tight-Don-t-Let-Go-by-Laura-Rose-Wagner.pdf
    • http://kiteeearpdf.myhome.cx/2f219f217f213f210f219/Hold-Tight-Willow-Springs-Ranch-2-by-L-E-Harner.pdf
    • http://kiteeearpdf.myhome.cx/1f219f217f218f210f214/Hold-Me-Tight-Greenpoint-Artists-2-by-Talia-Surova.pdf
    • http://kiteeearpdf.myhome.cx/1f218f219f215f210/Hold-Tight-Gently-Michael-Callen-Essex-Hemphill-and-the-Battlefield-of-AIDS-by-Martin-Duberman.pdf
    • http://kiteeearpdf.myhome.cx/4f218f212f214f218f219/Hold-On-Alexa-Reed-2-by-Hilary-Wynne.pdf
    • http://kiteeearpdf.myhome.cx/8f215f214f211/Built-For-Her-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/1f210f217f215f214f213f216/Claimed-For-Her-3-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/7f215f211f212/Be-Mine-Or-Else-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/4f214f214f217/Paid-For-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/2f216f217f211f219f211/Taken-by-the-Russian-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/8f211f214f215/Sheltered-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/3f213f216f212f213f215/Flight-Risk-by-Alexa-Riley.pdf
    • http://kiteeearpdf.myhome.cx/1f218f219f215f210/Hold-Tight-Gently-Michael-Callen-Essex-Hemphill-and-the-Battlefield-of-AIDS