Malicious PDF — malware analysis report

Static analysis result for SHA-256 41996e471f61590b…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-11-23 21:03:29 +03:00
Authoring application: Adobe Illustrator CS2 (via Adobe PDF library 7.77)
MD5: b2ffe7d3859db13508278d559ce7b86c
SHA-1: 7ca3782e39fa57c539000d9078668eace8ee0011
SHA-256: 41996e471f61590ba583e733678b4d19ff16935d2b36ea084bb93f2728c1b541
Risk score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The document carries an external URL action (/S /URI), and URL extraction recovered several dozen links to further PDF files on a single host, www.gorillawalker.com. Linking to an externally hosted file is a common first stage for PDF-borne delivery: the document itself need not contain an exploit, and the hosted content can be changed at any time after the lure is sent. The two positive detections are the Nyx classifier score (0.8224) and the ClamAV signature (Pdf.Dropper.Agent-7254305-0); the URI action and the extracted URLs are informational findings that identify the likely delivery channel, so retrieving and analysing the hosted files is the next step. The T1059.001 (PowerShell) mapping above is not substantiated by any finding listed in this static analysis, which reports no script or PowerShell content; treat it as unconfirmed until the second-stage files have been examined.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7254305-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7254305-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; the extractor labels each URL with the channel (macro, JS, link annotation, document body, ...) that reached it, but those per-URL labels are not reproduced in this listing. The w3.org, purl.org, ns.adobe.com and aiim.org entries at the end of the list are XMP/RDF namespace identifiers from the document's metadata stream, not navigable links.
    • http://www.gorillawalker.com/getting-into-medical-school-2012-entry-by-horner-simon-piumatti.pdf
    • http://www.gorillawalker.com/el-nuevo-aerobics-nuevos-ejercicios-aerobicos.pdf
    • http://www.gorillawalker.com/identity-and-idolatry-the-image-of-god-and-its-inversion.pdf
    • http://www.gorillawalker.com/the-gambler-alma-evergreens.pdf
    • http://www.gorillawalker.com/by-willow-creek-press-just-tuxedo-cats-2015-wall-calendar.pdf
    • http://www.gorillawalker.com/reprint-1983-yearbook-pennsbury-high-school-fairless-hills-pennsylvania.pdf
    • http://www.gorillawalker.com/breastfeeding-atlas.pdf
    • http://www.gorillawalker.com/easy-to-understand-guide-to-software-validation-premier-validation-s.pdf
    • http://www.gorillawalker.com/essential-marketing-frameworks-and-concepts.pdf
    • http://www.gorillawalker.com/starch-third-edition-chemistry-and-technology-food-science-and-technology.pdf
    • http://www.gorillawalker.com/pen-pictures-of-annam-and-its-people.pdf
    • http://www.gorillawalker.com/a-concordance-to-the-septuagint-and-the-other-greek-versions.pdf
    • http://www.gorillawalker.com/deep-excavation-3rd-edition.pdf
    • http://www.gorillawalker.com/introduction-to-connectionist-modelling-of-cognitive-processes.pdf
    • http://www.gorillawalker.com/clinical-coach-for-effective-pain-management.pdf
    • http://www.gorillawalker.com/any-other-girl.pdf
    • http://www.gorillawalker.com/from-local-champions-to-global-masters-a-strategic-perspective-on.pdf
    • http://www.gorillawalker.com/the-power-of-everyday-politics-how-vietnamese-peasants-transformed-national.pdf
    • http://www.gorillawalker.com/with-kitchener-in-the-soudan-illustrated-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/let-s-talk-about-lying.pdf
    • http://www.gorillawalker.com/saudi-arabia-business-and-investment-opportunities-yearbook.pdf
    • http://www.gorillawalker.com/basic-infrastructure-for-a-nuclear-power-project-iaea-tecdoc.pdf
    • http://www.gorillawalker.com/suite-for-violin-and-violoncello-score-parts.pdf
    • http://www.gorillawalker.com/m-ssbauer-spectroscopy-tutorial-book.pdf
    • http://www.gorillawalker.com/el-juego-de-ender-b-de-books-spanish-edition-kindle.pdf
    • http://www.gorillawalker.com/searching-for-grace-kelly-kindle-edition.pdf
    • http://www.gorillawalker.com/technology-supported-mathematics-learning-environments-67th-yearbook-2005-nctm-yearbook.pdf
    • http://www.gorillawalker.com/tm-10-3930-675-24-2-us-army-technical-manual.pdf
    • http://www.gorillawalker.com/penny-whistle-party-planner.pdf
    • http://www.gorillawalker.com/the-mind-s-ear-exercises-for-improving-the-musical-imagination.pdf
    • http://www.gorillawalker.com/telemarketing-essentials-for-the-executive-what-you-need-to-know.pdf
    • http://www.gorillawalker.com/social-media-in-action-comprehensive-guide-for-architecture-engineering-planning.pdf
    • http://www.gorillawalker.com/blue-turquoise-white-shell.pdf
    • http://www.gorillawalker.com/colloquial-danish.pdf
    • http://www.gorillawalker.com/le-rouge-et-le-noir-classiques-t-357-french-edition.pdf
    • http://www.gorillawalker.com/medical-surgical-nursing-single-volume-text-and-elsevier-adaptive-quizzing.pdf
    • http://www.gorillawalker.com/batman-classic-reptile-rampage-i-can-read-book-2.pdf
    • http://www.gorillawalker.com/awaken-my-heart-avon-inspire.pdf
    • http://www.gorillawalker.com/memory-and-utopia-the-primacy-of-inter-subjectivity-critical-histories.pdf
    • http://www.gorillawalker.com/talk-show-unabridged-audible-audio-edition.pdf
    • http://www.gorillawa
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
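The two URL findings above (the PDF_URI action and the EMBEDDED_URL extraction, including the namespace identifiers that close the list) can be reproduced with a small triage extractor. The following is an added example written for this page, not the analysis platform's own code: it finds /S /URI action targets whether the /URI string is literal or hex-encoded, inflates FlateDecode streams so URLs inside compressed metadata are not missed, and labels w3.org, purl.org, ns.adobe.com and aiim.org namespace URIs separately from real links. It runs against a PDF it constructs itself; the example.invalid URLs, the XMP fragment, the function names and the namespace prefix list are all assumptions, and the fixture is not the sample analysed above.

```python
import re
import zlib
from collections import defaultdict

# XMP/RDF schema identifiers that appear as xmlns attributes in a PDF's metadata
# stream: namespace names, not links a reader can follow (assumed list; extend it).
XMP_NAMESPACE_PREFIXES = (
    "http://www.w3.org/1999/02/22-rdf-syntax-ns", "http://purl.org/dc/elements/1.1/",
    "http://ns.adobe.com/", "http://www.aiim.org/pdfa/ns/",
)
URL_RE = re.compile(rb"https?://[^\s<>\"'()]+")
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b")
URI_LITERAL_RE = re.compile(rb"/URI\s*\((?P<s>(?:\\.|[^\\)])*)\)", re.S)
URI_HEX_RE = re.compile(rb"/URI\s*<(?P<h>[0-9A-Fa-f\s]*)>")
# Stream bodies run from 'stream' to 'endstream'; a production tool should honour /Length.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(?P<body>.*?)\s*endstream", re.S)


def inflate(head, body):
    """Inflate a FlateDecode stream; keep the raw bytes if it is damaged."""
    if b"/FlateDecode" not in head:
        return body
    try:
        return zlib.decompressobj().decompress(body)  # tolerates trailing junk
    except zlib.error:
        return body


def uri_action_targets(data):
    """Yield the target of every /S /URI action dictionary, whether /URI is a
    literal (...) string or a hex <...> string (a cheap evasion against 'grep http')."""
    for m in URI_ACTION_RE.finditer(data):
        start = max(data.rfind(b"<<", 0, m.start()), 0)  # enclosing dictionary
        end = data.find(b">>", m.end())
        window = data[start:end if end != -1 else len(data)]
        lit = URI_LITERAL_RE.search(window)
        if lit:  # strip backslash escapes such as \( and \); octal escapes are ignored
            yield re.sub(rb"\\(.)", rb"\1", lit.group("s")).decode("latin-1")
            continue
        hx = URI_HEX_RE.search(window)
        if hx:
            h = re.sub(rb"\s", b"", hx.group("h"))
            yield bytes.fromhex((h + b"0" * (len(h) % 2)).decode()).decode("latin-1")


def extract_urls(pdf_bytes):
    """Map each URL to the channels that carried it: 'uri_action' (the PDF_URI heuristic),
    'xmp_namespace', 'raw_object' (elsewhere in the uncompressed file) or 'stream'."""
    surfaces = [("raw_object", pdf_bytes)]
    for m in STREAM_RE.finditer(pdf_bytes):
        head = pdf_bytes[max(0, m.start() - 512):m.start()]  # the stream dictionary
        surfaces.append(("stream", inflate(head, m.group("body"))))
    found = defaultdict(set)
    for _, data in surfaces:
        for url in uri_action_targets(data):
            found[url].add("uri_action")
    for where, data in surfaces:
        for m in URL_RE.finditer(data):
            url = m.group(0).decode("latin-1")
            if "uri_action" not in found[url]:
                found[url].add("xmp_namespace" if url.startswith(XMP_NAMESPACE_PREFIXES) else where)
    return dict(found)


def build_sample_pdf(literal_url, hex_url, xmp_xml):
    """Constructed test input (not the analysed sample): one page with two /Link
    annotations, literal and hex /URI actions, plus a FlateDecode'd XMP stream."""
    meta = zlib.compress(xmp_xml.encode())
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 6 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Annots [4 0 R 5 0 R] >>",
        b"<< /Type /Annot /Subtype /Link /Rect [10 10 100 30] /A << /S /URI /URI ("
        + literal_url.encode() + b") >> >>",
        b"<< /Type /Annot /Subtype /Link /Rect [10 40 100 60] /A << /S /URI /URI <"
        + hex_url.encode().hex().encode() + b"> >> >>",
        b"<< /Type /Metadata /Subtype /XML /Filter /FlateDecode /Length %d >>\nstream\n"
        % len(meta) + meta + b"\nendstream",
    ]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%b\nendobj\n" % (num, body)
    xref = b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    xref += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += xref + b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, len(out))
    return bytes(out)


# Constructed sample values; example.invalid is a reserved, non-resolving domain.
SAMPLE_LINK = "http://example.invalid/download/report.pdf"
SAMPLE_HEX_LINK = "http://example.invalid/hex.pdf"
SAMPLE_XMP = (
    '<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
    '<rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">'
    '<pdf:Producer>Adobe PDF library 7.77</pdf:Producer><dc:description>Mirror: http://example.invalid/mirror/file.pdf'
    '</dc:description></rdf:Description></rdf:RDF></x:xmpmeta>'
)
if __name__ == "__main__":
    pdf = build_sample_pdf(SAMPLE_LINK, SAMPLE_HEX_LINK, SAMPLE_XMP)
    for url, channels in sorted(extract_urls(pdf).items()):
        print(f"{','.join(sorted(channels)):14} {url}")
```

Run stand-alone it prints one line per URL with its channel set: the two action targets as uri_action (the hex one is invisible to a plain URL grep over the raw file), the mirror link as stream because it only exists inside the inflated metadata, and the three namespace URIs as xmp_namespace. Applied to the real sample, the same classification separates the gorillawalker.com links from the nine namespace entries that close the list above. The limits are deliberate: the extractor trusts the stream keyword rather than /Length, ignores octal escapes in literal strings, and does not resolve indirect /URI references, so it is a triage aid rather than a parser.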