Malicious PDF — malware analysis report

Static analysis result for SHA-256 223295126d2e7e3d…

Verdict: MALICIOUS
File type: PDF
Size: 44.2 KB
Created: 2018-11-23 21:08:42 +03:00
Authoring application (self-reported in document metadata): FrameMaker 6.0 (via Acrobat Distiller 6.0.1 for Macintosh)
MD5: 0a439b313e6b89eb35bfefc84a68d747
SHA-1: b0df55125b8da9a30fae583acaf642e241c6703b
SHA-256: 223295126d2e7e3d188bb9b1b6e33b148ebea098e37a8e0b896ab27af3e30f76
Risk score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.001 Command and Scripting Interpreter: PowerShell (family-level mapping; no script content was extracted from this sample, see below)

ClamAV matches the file against signature Pdf.Dropper.Agent-7147264-0. The "Dropper" family name is the signature author's classification and is the only evidence on this page for dropper behaviour; the Nyx PDF classifier independently scores the file 0.8842 malicious. Static parsing extracted no JavaScript or other scripts, so the T1059.001 (PowerShell) mapping is not supported by anything observed in this sample and should be read as a family-level generalisation rather than an observation. What the static pass does show is some forty URLs, all under http://www.gorillawalker.com/ with ebook-style .pdf filenames, at least one of them wired to a /URI action (PDF_URI); the per-URL channel labels that would say which are link annotations and which are body text are not reproduced here. This is consistent with a redirect or download lure: a user who follows a link fetches a remote PDF, and that remote file, not this one, is where any second-stage content would live, so the gorillawalker.com host is the actionable indicator. The remaining URLs (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers from the document's metadata stream, not navigation targets, and should be kept out of IOC lists. Note also that the authoring strings name FrameMaker 6.0 and Acrobat Distiller 6.0.1, tooling from the early 2000s, against a 2018 creation date; producer and creator fields are free text that is routinely copied from a template, so they say nothing reliable about provenance.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8842

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7147264-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7147264-0
  • External URI [info] PDF_URI
    The PDF contains at least one external URI action (a /URI action, typically attached to a link annotation).
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. A URL is not a detection in itself; the per-URL channel labels (macro, JS, link annotation, document body, ...) that say how each URL is reached are not reproduced in this report. The final nine entries in the list below (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers from the metadata stream rather than outbound links.
    • http://www.gorillawalker.com/works-of-meister-eckhart.pdf
    • http://www.gorillawalker.com/the-sixth-extinction-journeys-among-the-lost-and-left-behind.pdf
    • http://www.gorillawalker.com/modernism-in-dispute-art-since-the-forties-modern-art-practices.pdf
    • http://www.gorillawalker.com/ja-96-yearbook-2014.pdf
    • http://www.gorillawalker.com/historia-de-los-gobernantes-del-paraguay-1535-1887-paperback.pdf
    • http://www.gorillawalker.com/plan-extra-time-for-fall-trip-to-baltimore-an-article.pdf
    • http://www.gorillawalker.com/don-t-ever-quit.pdf
    • http://www.gorillawalker.com/heart-sounds-a-cardiac-auscultation-primer.pdf
    • http://www.gorillawalker.com/the-new-mutants-superheroes-and-the-radical-imagination-of-american.pdf
    • http://www.gorillawalker.com/this-is-not-available-048620.pdf
    • http://www.gorillawalker.com/who-was-saint-veronica-kindle-edition.pdf
    • http://www.gorillawalker.com/fraud-a-practitioner-s-handbook-criminal-practice-series.pdf
    • http://www.gorillawalker.com/practica-del-guion-cinematografico-practice-of-screenplay-spanish-edition.pdf
    • http://www.gorillawalker.com/the-art-of-staying-neutral-the-netherlands-in-the-first.pdf
    • http://www.gorillawalker.com/final-cut-express-4-editing-workshop.pdf
    • http://www.gorillawalker.com/sri-puspanjali-2-volume-set-recent-researchers-in-prehistory-art.pdf
    • http://www.gorillawalker.com/james-braid-champion-golfer.pdf
    • http://www.gorillawalker.com/kyoto-quizzes-800-japanese-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/what-makes-a-flower-grow-usborne-starting-point-science.pdf
    • http://www.gorillawalker.com/cry-zimbabwe-independence-twenty-years-on.pdf
    • http://www.gorillawalker.com/typography-type-specimen-books-bodoni-imprints-civilite-exotic-type-books.pdf
    • http://www.gorillawalker.com/breaking-normal-dream-weaver-novels-book-3-a-dark-young.pdf
    • http://www.gorillawalker.com/explaining-unexplained-illnesses-disease-paradigm-for-chronic-fatigue-syndrome-multiple.pdf
    • http://www.gorillawalker.com/dead-is-so-last-year.pdf
    • http://www.gorillawalker.com/manual-of-acidic-emission-abatement-technologies-mobile-sources-v-4.pdf
    • http://www.gorillawalker.com/zenobia-queen-between-reality-and-legend.pdf
    • http://www.gorillawalker.com/tiger-s-choice-silver-bullet-3-siren-publishing-classic-manlove.pdf
    • http://www.gorillawalker.com/hegels-concept-of-god-suny-series-in-hegelian-studies.pdf
    • http://www.gorillawalker.com/understanding-capitalism-critical-analysis-from-karl-marx-to-amartya-sen.pdf
    • http://www.gorillawalker.com/i-think-my-teacher-s-a-psychopath-kindle-edition.pdf
    • http://www.gorillawalker.com/foundations-of-restaurant-management-and-culinary-arts-level-2-teacher.pdf
    • http://www.gorillawalker.com/combinatorial-theory.pdf
    • http://www.gorillawalker.com/crafting-prehispanic-maya-kinship.pdf
    • http://www.gorillawalker.com/corporate-finance-theory.pdf
    • http://www.gorillawalker.com/forensic-ballistics-styles-of-projectiles-crime-scene-investigation.pdf
    • http://www.gorillawalker.com/early-netherlandish-painting-from-rogier-van-der-weyden-to-gerard.pdf
    • http://www.gorillawalker.com/the-sea-power-of-the-state.pdf
    • http://www.gorillawalker.com/social-skills-training-for-children-with-asperger-syndrome-and-high.pdf
    • http://www.gorillawalker.com/the-children-s-picture-book-how-to-write-it-how.pdf
    • http://www.gorillawalker.com/between-ideology-and-realpolitik-woodrow-wilson-and-the-russian-revolution.pdf
    • http://www.gorillawalker.com/modernism-in-dispute-art-since-th
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
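To make the channel distinction above concrete, the following Python script is an added example written for this page, not output of the scanner or of ClamAV. It parses a small PDF constructed inline (uncompressed objects only) and labels every extracted URL by the channel that carries it: a /URI action on a link annotation, the XMP metadata stream, or loose text in the raw bytes. The sample PDF, the helper names, the namespace prefix list and the three gorillawalker.com paths reused from the list above are all assumptions made for illustration; the octal-escaped /URI string in the third annotation shows why grepping the raw file for "http" under-reports link targets.

```python
"""Label URLs extracted from a PDF by the channel that carries them.

Added example for this report, not code from the scanner or ClamAV. It handles
only uncompressed, unobfuscated object syntax (no FlateDecode or object streams),
which is enough to show how link-annotation targets, XMP namespace identifiers
and loose body text should be told apart before anything reaches an IOC list.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Schema identifiers that XMP/RDF metadata carries. They are namespace names, not
# navigation targets. This list is an assumption for the example, mirroring the
# hosts seen in the report's metadata URLs.
XMP_NAMESPACE_PREFIXES = (
    "http://www.w3.org/1999/02/22-rdf-syntax-ns",
    "http://purl.org/dc/elements/1.1/",
    "http://ns.adobe.com/",
    "http://www.aiim.org/pdfa/ns/",
)

# /URI (literal string) or /URI <hex string>; the literal branch accepts
# backslash escapes but not nested unescaped parentheses.
URI_ACTION_RE = re.compile(
    rb"/URI\s*(?:\((?P<lit>(?:[^()\\]|\\.)*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)", re.DOTALL
)
METADATA_RE = re.compile(rb"/Type\s*/Metadata.*?stream\r?\n(?P<body>.*?)endstream", re.DOTALL)
URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")


def _decode_literal(raw: bytes) -> str:
    """Decode a PDF literal string body: \\( \\) \\\\ and octal \\ddd escapes.
    Other escapes are passed through as the escaped character."""
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] == 0x5C and i + 1 < len(raw):          # backslash
            j = i + 1
            while j < len(raw) and j < i + 4 and 0x30 <= raw[j] <= 0x37:
                j += 1
            if j > i + 1:                                  # octal escape, up to 3 digits
                out.append(int(raw[i + 1:j], 8) & 0xFF)
                i = j
            else:                                          # \( \) \\ and friends
                out.append(raw[i + 1])
                i += 2
        else:
            out.append(raw[i])
            i += 1
    return out.decode("latin-1")


def extract_uris(pdf: bytes) -> list[tuple[str, str]]:
    """Return (channel, url) pairs; the first channel to see a URL keeps it."""
    found: list[tuple[str, str]] = []
    seen: set[str] = set()

    def add(channel: str, url: str) -> None:
        if url not in seen:
            seen.add(url)
            found.append((channel, url))

    for m in URI_ACTION_RE.finditer(pdf):            # /URI actions (link annotations etc.)
        if m.group("lit") is not None:
            add("link_annotation", _decode_literal(m.group("lit")))
        else:
            hexdigits = re.sub(rb"\s", b"", m.group("hex"))
            add("link_annotation", bytes.fromhex(hexdigits.decode()).decode("latin-1"))
    for m in METADATA_RE.finditer(pdf):              # XMP packet(s)
        for u in URL_RE.findall(m.group("body")):
            add("xmp_metadata", u.decode("latin-1"))
    for u in URL_RE.findall(pdf):                    # anything else visible in the raw bytes
        add("document_body", u.decode("latin-1"))
    return found


def is_xmp_namespace(url: str) -> bool:
    return url.startswith(XMP_NAMESPACE_PREFIXES)


def triage(pdf: bytes) -> dict:
    """Split extracted URLs into IOC candidates and metadata noise."""
    uris = extract_uris(pdf)
    outbound = [(ch, u) for ch, u in uris if not is_xmp_namespace(u)]
    return {
        "total": len(uris),
        "namespace_noise": len(uris) - len(outbound),
        "outbound": outbound,
        "hosts": dict(Counter(urlsplit(u).hostname for _, u in outbound)),
        # link targets whose plain bytes never occur in the file were escaped or
        # hex-encoded; a raw grep for "http" misses exactly these
        "obfuscated_links": [u for ch, u in outbound
                             if ch == "link_annotation" and u.encode("latin-1") not in pdf],
    }


def _stream_obj(num: int, extra: bytes, body: bytes) -> bytes:
    return (b"%d 0 obj << %s /Length %d >>\nstream\n" % (num, extra, len(body))
            + body + b"\nendstream\nendobj\n")


_XMP = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">\n'
        b' <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\n'
        b'  <rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/"\n'
        b'   xmlns:pdf="http://ns.adobe.com/pdf/1.3/"\n'
        b'   pdf:Producer="Acrobat Distiller 6.0.1 for Macintosh"/>\n'
        b' </rdf:RDF>\n</x:xmpmeta>')
_TEXT = b"BT /F1 10 Tf 20 700 Td (Visit http://www.gorillawalker.com/ja-96-yearbook-2014.pdf) Tj ET"

# Constructed sample: three /Link annotations (the last with an octal-escaped
# scheme), an XMP packet and one URL in page text. Paths are borrowed from the
# report's list purely as illustrative strings.
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 6 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 7 0 R /Annots [4 0 R 5 0 R 8 0 R] >> endobj\n",
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]\n"
    b"   /A << /S /URI /URI (http://www.gorillawalker.com/works-of-meister-eckhart.pdf) >> >> endobj\n",
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 30 100 50]\n"
    b"   /A << /S /URI /URI (http://www.gorillawalker.com/don-t-ever-quit.pdf) >> >> endobj\n",
    _stream_obj(6, b"/Type /Metadata /Subtype /XML", _XMP),
    _stream_obj(7, b"", _TEXT),
    b"8 0 obj << /Type /Annot /Subtype /Link /Rect [0 60 100 80]\n"
    b"   /A << /S /URI /URI (\\150ttp://www.gorillawalker.com/this-is-not-available-048620.pdf) >> >> endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])

if __name__ == "__main__":
    for channel, url in extract_uris(SAMPLE_PDF):
        print(f"{channel:16} {url}")
    print(triage(SAMPLE_PDF))
```

Run against the sample, the script reports seven URLs, three of them XMP namespaces to discard, four outbound targets on a single host, and one link whose plain text never appears in the file because its scheme is octal-escaped. On a real sample the streams are usually Flate-compressed, so the same logic has to run over inflated objects (pdf-parser or a full PDF library), and the channel label, not the URL string, is what decides whether a hit is a navigation target, a script-fetched resource, or metadata noise.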