Malicious PDF — malware analysis report

Static analysis result for SHA-256 328c0b4de4eaa117…

MALICIOUS

PDF

Size: 32.8 KB
Created: 2019-07-20 19:55:10 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 00226319ffacd20c35a8b8b1ccdcf697
SHA-1: c9ff3696ad5aba6b8b09c3acdc4deffb349d6836
SHA-256: 328c0b4de4eaa1177f276830ef3d82ce7039397dbd242edc66757c0c998bfd9c
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The file is identified as a malicious PDF by ClamAV and an ML classifier. It contains multiple embedded URLs pointing to external PDF documents, suggesting a lure to download further malicious content. The presence of PDF_URI and EMBEDDED_URL heuristics indicates the file's intent to redirect users to these external resources. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7186933-0 (severity: critical, heuristic: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7186933-0
  • External URI (severity: info, heuristic: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.