Malicious PDF — malware analysis report

Static analysis result for SHA-256 3cf07494d62e030d…

MALICIOUS

PDF

35.4 KB Created: 2019-05-24 00:42:35 +03:00 Authoring application: Acrobat PDFMaker 7.0 for Publisher (via Acrobat Distiller 7.0 (Windows))
MD5: e2a7de227097ade15b9302ee8537a5d5 SHA-1: e1efe87b6672ff1ed0e58f2ce6b1798ca824939c SHA-256: 3cf07494d62e030d3f06698e74f6f760d57f6697f9666af70357efd9bedbcaa1
92 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1059.001 PowerShell

The file was detected as malicious by ClamAV and an ML classifier, indicating it is a Pdf.Dropper.Agent. The presence of multiple external URIs suggests the PDF is intended to download and execute a second-stage payload. The document body contains obfuscated data and embedded URLs, further supporting the dropper functionality.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7168150-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7168150-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-tap-dance-dictionary-paperback-2012-reprint-ed-mark-knowles.pdf
    • http://www.gorillawalker.com/casebook-for-exploring-diversity-in-k-12-classrooms-a.pdf
    • http://www.gorillawalker.com/mary-magdalene-iconographic-studies-from-the-middle-ages-to-the.pdf
    • http://www.gorillawalker.com/jazz-phrasing-a-workshop-for-the-jazz-vocalist-book-cd.pdf
    • http://www.gorillawalker.com/teen-health.pdf
    • http://www.gorillawalker.com/getting-lucky-the-las-vegas-kingsnakes-players-club-series-1.pdf
    • http://www.gorillawalker.com/shifting-global-powers-and-international-law-challenges-and-opportunities.pdf
    • http://www.gorillawalker.com/nigerian-studies-or-the-religious-and-political-system-of-the.pdf
    • http://www.gorillawalker.com/fossil-corals-from-central-america-cuba-and-porto-rico-with.pdf
    • http://www.gorillawalker.com/icons-a-sacred-art.pdf
    • http://www.gorillawalker.com/license-to-steal.pdf
    • http://www.gorillawalker.com/juice-recipes-juice-diet-detox-and-weight-loss-juicer-recipes.pdf
    • http://www.gorillawalker.com/veterinary-medical-school-admission-requirements-in-the-united-states-and.pdf
    • http://www.gorillawalker.com/the-girl-of-the-golden-west-la-fanciulla-del-west.pdf
    • http://www.gorillawalker.com/privacy-on-the-ground-driving-corporate-behavior-in-the-united.pdf
    • http://www.gorillawalker.com/notes-from-the-garden-reflections-and-observations-of-an-organic.pdf
    • http://www.gorillawalker.com/planet-x-forecast-and-2012-survival-guide.pdf
    • http://www.gorillawalker.com/dark-space-book-2-the-invisible-war.pdf
    • http://www.gorillawalker.com/wave-generation-and-shaping.pdf
    • http://www.gorillawalker.com/iaccm-fundamentals-of-contract-and-commercial-management.pdf
    • http://www.gorillawalker.com/in-quest-of-spirit-thoughts-on-music-ernest-bloch-lectures.pdf
    • http://www.gorillawalker.com/solutions-manual-for-organic-chemistry-7th-edition.pdf
    • http://www.gorillawalker.com/supervision-and-management-of-quantity-food-preparation-principles-and-procedures.pdf
    • http://www.gorillawalker.com/the-portable-abraham-lincoln-viking-portable-library.pdf
    • http://www.gorillawalker.com/the-daring-exploits-of-a-runaway-heiress.pdf
    • http://www.gorillawalker.com/embedded-control-systems-in-c-c.pdf
    • http://www.gorillawalker.com/battle-angel-alita-vol-9-angel-s-ascension.pdf
    • http://www.gorillawalker.com/the-making-of-lebanese-foreign-policy-understanding-the-2006-hezbollah.pdf
    • http://www.gorillawalker.com/companion-to-the-constitution-of-the-presbyterian-church-u-s.pdf
    • http://www.gorillawalker.com/list-of-available-publications-of-the-united-states-department-of.pdf
    • http://www.gorillawalker.com/chasing-each-other.pdf
    • http://www.gorillawalker.com/how-to-be-a-jewelry-detective-elementary-clues-to-solving.pdf
    • http://www.gorillawalker.com/dead-of-eve-volume-1.pdf
    • http://www.gorillawalker.com/million-dollar-consulting-tm-toolkit-step-by-step-guidance-checklists.pdf
    • http://www.gorillawalker.com/tibetan-thangka-painting-methods-materials.pdf
    • http://www.gorillawalker.com/p2-advanced-management-accounting-revision-cards.pdf
    • http://www.gorillawalker.com/raising-disciples-the-mission-of-the-christian-parent.pdf
    • http://www.gorillawalker.com/an-historical-analysis-of-the-tontine-principle-s-s-huebner.pdf
    • http://www.gorillawalker.com/tapas-y-pinchos-de-alta-cocina-tapas-and-kebabs-of.pdf
    • http://www.gorillawalker.com/the-teotwawki-tuxedo-formal-survival-attire.pdf
    • http://www.gorillawalker.com/veterinary-medical-sch
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.