Malicious PDF — malware analysis report

Static analysis result for SHA-256 247574f1599dd146…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-11-14 08:34:29 +03:00
Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0 (Windows))
MD5: 008cc4412872833512a7a59122899506
SHA-1: e567feb4a51e5c5418d5a2a437de6cd4ca2cd613
SHA-256: 247574f1599dd146fe4b794d99bfd7dd90fa2cc7de4d25685e1a7b7187c84391
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected by ClamAV as Pdf.Dropper.Agent-7239910-0 and flagged by an ML classifier, indicating malicious intent. The PDF contains multiple embedded URLs, one of which is explicitly identified as an external URI, suggesting it is used to download and execute a secondary payload. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7239910-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7239910-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.