Malicious PDF — malware analysis report

Static analysis result for SHA-256 4a95a275d4b8e905…

Verdict: MALICIOUS
File type: PDF
Size: 33.6 KB
Created: 2019-07-20 19:51:25 +03:00
Authoring application: UnknownApplication (via XEP 4.4 build 20050610)
MD5: db060da6763574566f676528a7a7f54f
SHA-1: 8f1ab634e9b3bc567ffa73bc4abf1233011c40dd
SHA-256: 4a95a275d4b8e9054b1d56d2d21d2a5258b27529b5cef272b968eadf88feff26
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating it is a PDF dropper. The PDF contains numerous embedded URLs pointing to external PDF files, suggesting a social engineering lure to trick users into downloading further malicious content. The presence of these external links is the primary indicator of the attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7113604-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7113604-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.