Malicious PDF — malware analysis report

Static analysis result for SHA-256 4fde44f4d7d49592…

MALICIOUS

PDF

41.1 KB
Created: 2018-12-28 08:08:51 +03:00
Authoring application: Acrobat PDFMaker 6.0 for Word (via Acrobat Distiller 6.0 (Windows))
MD5: 202701efeb06794f3a5a2e942798c527
SHA-1: 44e0482dcd731e1aef6cdef9faed2d9c9ce7b104
SHA-256: 4fde44f4d7d495923962bfc36d8ef41cab0c822e8a00c92598d223cc0882ef2a
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The PDF contains numerous embedded URLs, with one specifically identified as an external URI pointing to 'http://www.gorillawalker.com/juggernaut.pdf'. This suggests the PDF's primary function is to act as a dropper, redirecting the user to download further malicious content from these external sources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7259499-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7259499-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/juggernaut.pdf