Malicious PDF — malware analysis report

Static analysis result for SHA-256 413bd3d7a1ab0a0b…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2018-11-23 21:09:31 +03:00
Authoring application: Adobe InDesign CS3 (5.0.3) (via Adobe PDF Library 8.0)
MD5: d32d573a8ebe575af20f85e206b203bc
SHA-1: d7cfa3054dcd501db7a7759cbd855febde140324
SHA-256: 413bd3d7a1ab0a0bdc2b631accdfbe69357a809c53a5ab7228f4ec0268041c50
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating it is a PDF dropper. The document body contains numerous embedded URLs pointing to external PDF files, suggesting a lure to download further malicious content. The primary attack pattern relies on user trust: the reader is lured into downloading, and potentially executing, additional payloads from these external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7254050-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7254050-0
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.