Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f11392e6ce42be8…

Verdict: MALICIOUS
File type: PDF
Size: 44.4 KB
Created: 2018-11-30 20:59:02 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: 2d52302e3825681bcd19c65db8082c24
SHA-1: 348a7fea81739f9766335c463237ae4003c5e1a2
SHA-256: 3f11392e6ce42be87b83733047ca17cc2436e610c99696e95ae091ec299a4fc4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious PDF dropper by ClamAV and an ML classifier. It contains an embedded URI pointing to a PDF file hosted on www.gorillawalker.com. The document body appears to be heavily obfuscated or corrupted, preventing analysis of its direct content, but the presence of the external URI strongly suggests a download-and-execute attack pattern.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9007

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7253135-0 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7253135-0
  • External URI (severity: info, tag: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/eschaton-season-one.pdf
    • http://www.gorillawalker.com/final-fantasy-xiii-the-complete-official-guide.pdf
    • http://www.gorillawalker.com/the-new-testament-of-our-lord-and-savior-jesus-christ.pdf
    • http://www.gorillawalker.com/rdenes-del-amor-cursos-seleccionados-de-bert-hellinger-spanish-edition.pdf
    • http://www.gorillawalker.com/dred-scott-v-sanford-great-supreme-court-decisions.pdf
    • http://www.gorillawalker.com/quadrupole-mass-spectrometry-and-its-applications-avs-classics-in-vacuum.pdf
    • http://www.gorillawalker.com/field-quantization-kindle-edition.pdf
    • http://www.gorillawalker.com/wild-justice-the-moral-lives-of-animals.pdf
    • http://www.gorillawalker.com/the-ascent-of-george-washington-the-hidden-political-genius-of.pdf
    • http://www.gorillawalker.com/the-master-switch-the-rise-and-fall-of-information-empires.pdf
    • http://www.gorillawalker.com/local-and-regional-development-critical-concepts-in-geography.pdf
    • http://www.gorillawalker.com/il-cairo-e-la-sua-cittadella.pdf
    • http://www.gorillawalker.com/doctor-faustus-everyman-s-library.pdf
    • http://www.gorillawalker.com/managing-engineering-and-technology-4th-edition.pdf
    • http://www.gorillawalker.com/pre-interpreting-survey-introduction-to-interpreting.pdf
    • http://www.gorillawalker.com/down-beat-sixty-years-of-jazz.pdf
    • http://www.gorillawalker.com/please-make-me-cry-paperback.pdf
    • http://www.gorillawalker.com/close-up-b1-workbook.pdf
    • http://www.gorillawalker.com/kaplan-gmat-800-advanced-prep-for-advanced-students-perfect-score.pdf
    • http://www.gorillawalker.com/princess-academy-palace-of-stone.pdf
    • http://www.gorillawalker.com/the-jewish-way-in-death-and-mourning.pdf
    • http://www.gorillawalker.com/mail-order-bride-westward-dance-a-clean-historical-mail-order.pdf
    • http://www.gorillawalker.com/funk-guitar-bass-know-the-players-play-the-music-hardcover.pdf
    • http://www.gorillawalker.com/a-darker-shade-of-red.pdf
    • http://www.gorillawalker.com/dhaka-to-dakar-across-africa-chapter-18-burkina-faso-kindle.pdf
    • http://www.gorillawalker.com/entlassung-ins-gl-ck-das-amulett-8-mystik-german-edition.pdf
    • http://www.gorillawalker.com/give-it-away.pdf
    • http://www.gorillawalker.com/linear-port-hamiltonian-systems-on-infinite-dimensional-spaces-operator-theory.pdf
    • http://www.gorillawalker.com/the-secrets-of-consulting-a-guide-to-giving-and-getting.pdf
    • http://www.gorillawalker.com/raw-workflow-from-capture-to-archives-a-complete-digital-photographer.pdf
    • http://www.gorillawalker.com/atlas-de-histopatologia-oral-basica-em-portuguese-do-brasil.pdf
    • http://www.gorillawalker.com/taking-the-kalachakra-initiation.pdf
    • http://www.gorillawalker.com/c-sar-ch-vez-a-brief-biography-with-documents-bedford.pdf
    • http://www.gorillawalker.com/songprints-the-musical-experience-of-five-shoshone-women-music-in.pdf
    • http://www.gorillawalker.com/uprising-memories-volume-1.pdf
    • http://www.gorillawalker.com/delphi-programmer-s-library.pdf
    • http://www.gorillawalker.com/dictionary-of-bible-proper-names-every-proper-name-in-the.pdf
    • http://www.gorillawalker.com/fizzics-the-science-of-bubbles-droplets-and-foams.pdf
    • http://www.gorillawalker.com/the-american-psychiatric-publishing-textbook-of-substance-abuse-treatment-american.pdf
    • http://www.gorillawalker.com/en-el-principio-era-el-sexo-los-or-genes-de.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/