Malicious PDF — malware analysis report

Static analysis result for SHA-256 2daa658ef2ac849d…

Verdict: MALICIOUS

File type: PDF

Size: 35.4 KB
Created: 2019-09-02 22:06:28 +03:00
Authoring application: doPDF Ver 7.3 Build 391 (Windows 7 Home Premium Edition (SP 1) - Version: 6.1.7601 (x64))
MD5: da82934f236eda2c37f6921f93c0ba3c
SHA-1: a7fb9f9fb3a94e6ca31f171a70692136f165434e
SHA-256: 2daa658ef2ac849d5eac88f4795edc34bf55391e08325a1c2480c56a4664eafe
Risk Score: 92

Malware Insights

MITRE ATT&CK

  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The ClamAV detection 'Pdf.Dropper.Agent-7186395-0' and the ML classifier strongly indicate malicious intent. The PDF contains an embedded URI pointing to 'http://www.gorillawalker.com/painters-of-fantasy-from-hieronymous-bosch-to-salvador-dali.pdf', which is likely the distribution point for a secondary payload. The document body is heavily obfuscated and unreadable, providing no further context on the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7186395-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7186395-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/painters-of-fantasy-from-hieronymous-bosch-to-salvador-dali.pdf
    • http://www.gorillawalker.com/my-little-monster-4.pdf
    • http://www.gorillawalker.com/parents-to-the-end-how-baby-boomers-can-parent-for.pdf
    • http://www.gorillawalker.com/manual-of-veterinary-clinical-pathology-comstock-series-in-veterinary-medicine.pdf
    • http://www.gorillawalker.com/safe-word-an-erotic-s-m-novel-kindle-edition.pdf
    • http://www.gorillawalker.com/true-north-christ-the-gospel-and-creation-care.pdf
    • http://www.gorillawalker.com/divine-providence-and-human-agency-trinity-creation-and-freedom.pdf
    • http://www.gorillawalker.com/aktuelle-pflegetechniken-im-op-minimal-invasive-chirurgie-thorax-und-gefasschirurgie.pdf
    • http://www.gorillawalker.com/the-rise-of-the-red-queen-a-red-solaris-mystery.pdf
    • http://www.gorillawalker.com/a-rule-of-queens-book-13-in-the-sorcerer-s.pdf
    • http://www.gorillawalker.com/ebony-great-black-americans-2010-calendar-president-barack-obama-a.pdf
    • http://www.gorillawalker.com/christmas-its-origin-celebration-and-significance-as-related-in-prose.pdf
    • http://www.gorillawalker.com/pony-club-stories-pony-club-cup-pony-club-challenge-pony.pdf
    • http://www.gorillawalker.com/basodino-import-map.pdf
    • http://www.gorillawalker.com/agricultural-education-postsecondary-teaching-materials-methods-and-curricula-january-1990.pdf
    • http://www.gorillawalker.com/the-modern-syrians-or-native-society-in-damascus-aleppo-and.pdf
    • http://www.gorillawalker.com/marketing-and-consumer-behavior-concepts-methodologies-tools-and-applications.pdf
    • http://www.gorillawalker.com/free-decorating-how-to-shop-smart-save-money-and-love.pdf
    • http://www.gorillawalker.com/fact-or-fiction-20-urban-legends-ghost-stories-rumors-secrets.pdf
    • http://www.gorillawalker.com/artisans-sufis-shrines-colonial-architecture-in-nineteenth-century-punjab.pdf
    • http://www.gorillawalker.com/ley-de-aduanas-de-la-republica-del-ecuador-vigente-desde.pdf
    • http://www.gorillawalker.com/moon-the-life-and-death-of-a-rock-legend.pdf
    • http://www.gorillawalker.com/children-s-counting-out-rhymes-fingerplays-jump-rope-and-bounce.pdf
    • http://www.gorillawalker.com/grey-pinstripes-with-green-ties-mba-programs-where-the-environment.pdf
    • http://www.gorillawalker.com/chasing-pretty-kindle-edition.pdf
    • http://www.gorillawalker.com/museums-and-the-material-world-collecting-the-arabian-peninsula.pdf
    • http://www.gorillawalker.com/dead-is-a-battlefield-dead-is-series-book-6.pdf
    • http://www.gorillawalker.com/click-to-calm-healing-the-aggressive-dog.pdf
    • http://www.gorillawalker.com/sweet-surrender-complete-collection.pdf
    • http://www.gorillawalker.com/anti-anxiety-drugs-drugs-the-straight-facts.pdf
    • http://www.gorillawalker.com/flora-of-iraq.pdf
    • http://www.gorillawalker.com/cheltenham-streetfinder-map.pdf
    • http://www.gorillawalker.com/to-dwell-in-darkness-a-novel-duncan-kincaid-gemma-james.pdf
    • http://www.gorillawalker.com/wotan-s-holy-rites-ritual-book-of-blotar.pdf
    • http://www.gorillawalker.com/expensive-taste-kindle-edition.pdf
    • http://www.gorillawalker.com/acca-part-3-3-7-strategic-financial-management-study-text.pdf
    • http://www.gorillawalker.com/the-last-wilderness-seekers-4.pdf
    • http://www.gorillawalker.com/ceramics-a-world-guide-to-traditional-techniques.pdf
    • http://www.gorillawalker.com/global-lockdown-race-gender-and-the-prison-industrial-complex.pdf
    • http://www.gorillawalker.com/haunted-fingerprints-book-2.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/