Malicious PDF — malware analysis report

Static analysis result for SHA-256 2886b9bf324e475e…

MALICIOUS

PDF

  • Size: 42.3 KB
  • Created: 2018-11-21 20:53:01 +03:00
  • Authoring application: - (via GPL Ghostscript 8.70)
  • MD5: a5bc97ed519a902c20b7329649b9bc55
  • SHA-1: a8d2759ba413e17332b269cf14c768506a1dab3e
  • SHA-256: 2886b9bf324e475e251337cf5ab3cd166d8387b09441ee3cd0205fb8e6b9f76e
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is a PDF that contains an embedded URI pointing to another PDF file on a remote server. The ML classifier and ClamAV detection strongly indicate malicious intent, likely a dropper mechanism. The presence of numerous similar URLs suggests a broad phishing or malware distribution campaign.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7242022-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7242022-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.