Malicious PDF — malware analysis report

Static analysis result for SHA-256 50c93b3c26e1d446…

MALICIOUS

PDF

Size: 48.9 KB
Created: 2018-11-30 20:56:42 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: 09422a556a637220db177f91d66adadc
SHA-1: 0c0ca2657db3adec92c360f59fc33b50f5896649
SHA-256: 50c93b3c26e1d4469a73a71233b319ca7f11725036710e10839efbdde2859537
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The file was detected as a malicious PDF dropper by ClamAV and an ML classifier. It contains multiple external URLs, one of which is explicitly listed as an external URI. These URLs likely point to further malicious content, such as additional PDFs or executables, intended to compromise the user's system. The document body itself is heavily obfuscated and does not provide clear textual lures.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8509

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7259764-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7259764-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.