Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a1302f0b3dfa412…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2019-02-13 22:38:22 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 058a3eba342a2d5b99d5f045ff4e4bef
SHA-1: 2b48dbe42125970339da9f858d0b193141080ed5
SHA-256: 3a1302f0b3dfa412e0d4c4759c2316a32d9ba564e2fbc688883615ca9b5bbbc6
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is identified as a malicious PDF by ClamAV and an ML classifier. It contains an embedded URI pointing to an external PDF file, suggesting a social engineering lure to download further malicious content. The document body is heavily obfuscated and does not provide clear textual clues about its intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7147223-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7147223-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.