Malicious PDF — malware analysis report

Static analysis result for SHA-256 417e4f83591c639e…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-11-22 08:03:40 +03:00
Authoring application: Adobe InDesign CS4_J (6.0.5) (via Acrobat Distiller 7.0 (Windows))
MD5: a2e3e3fcd2306b7cba5f8ec220f3bb94
SHA-1: 13ea957d1d2f76c34324e5937b86c6c2d4e795b3
SHA-256: 417e4f83591c639ea053ae104ee3e2401bbc2901b6fae1b0ef800a179ffe5133
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The file is identified as a malicious PDF dropper by ClamAV and an ML classifier. It contains an embedded URI pointing to a PDF file hosted on www.gorillawalker.com. This suggests the document's primary purpose is to trick the user into downloading and opening a secondary malicious PDF, likely containing further exploits or malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7254128-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7254128-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.