Malicious PDF — malware analysis report

Static analysis result for SHA-256 532fe584cd17dab2…

Verdict: MALICIOUS
File type: PDF
Size: 39.7 KB
Created: 2018-12-14 20:07:09 +03:00
Authoring application: Adobe InDesign CS5 (7.0.5) (via Adobe PDF Library 9.9)
MD5: 31c63edaf8f79a7dfdae746f4ae8d1e3
SHA-1: db97c2cbf5c5b5bf49743d9263bb7b49f03f0d5c
SHA-256: 532fe584cd17dab205ed31a4191c3dc54b6c75c402fd054dbddff031eb72d538
Risk Score: 92

Malware Insights

MITRE ATT&CK

  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV and by an ML classifier, indicating a high likelihood of malicious intent. The PDF contains numerous embedded URLs pointing to external PDF files, suggesting dropper or downloader functionality. The primary attack pattern is to lure the user into clicking these links, which likely leads to the download of further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7139818-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7139818-0
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-world-bank-legal-review-volume-6-improving-delivery-in.pdf
    • http://www.gorillawalker.com/champagne-cl52287.pdf
    • http://www.gorillawalker.com/experiment-x-one-six.pdf
    • http://www.gorillawalker.com/the-friday-night-knitting-club-friday-night-knitting-club-series.pdf
    • http://www.gorillawalker.com/oil-futures-markets-an-introduction.pdf
    • http://www.gorillawalker.com/complete-skier-a-pracical-guide-for-skiers.pdf
    • http://www.gorillawalker.com/encyclopaedia-of-indian-medicine-materia-medica-minerals-and-metallic-drugs.pdf
    • http://www.gorillawalker.com/tratamiento-odontol-gico-del-paciente-bajo-tratamiento-m-dico-5e.pdf
    • http://www.gorillawalker.com/highland-healer-highland-talents-book-1.pdf
    • http://www.gorillawalker.com/controlling-julia.pdf
    • http://www.gorillawalker.com/juicing-essentials-the-ultimate-guide-to-detox-health.pdf
    • http://www.gorillawalker.com/a-madhaviah-a-biography-and-muthumeenakshi-a-novella.pdf
    • http://www.gorillawalker.com/spirit-raiders.pdf
    • http://www.gorillawalker.com/52-simple-ways-to-go-vegan.pdf
    • http://www.gorillawalker.com/spring-comes-early.pdf
    • http://www.gorillawalker.com/understanding-beliefs-the-mit-press-essential-knowledge-series.pdf
    • http://www.gorillawalker.com/behavioural-economics-saved-my-dog-life-advice-for-the-imperfect.pdf
    • http://www.gorillawalker.com/untold-the-lynburn-legacy-book-2.pdf
    • http://www.gorillawalker.com/heavy-lift-helicopters.pdf
    • http://www.gorillawalker.com/spartacus-the-gladiator-spartacus-chronicles.pdf
    • http://www.gorillawalker.com/archer-engineer-s-notebook-a-handbook-of-integrated-circuit-applications.pdf
    • http://www.gorillawalker.com/good-dog-daisy.pdf
    • http://www.gorillawalker.com/deadly-the-truth-about-the-most-dangerous-creatures-on-earth.pdf
    • http://www.gorillawalker.com/american-hipster-a-life-of-herbert-huncke-the-times-square.pdf
    • http://www.gorillawalker.com/duke-sucks-a-completely-evenhanded-unbiased-investigation-into-the-most.pdf
    • http://www.gorillawalker.com/institutions-and-imaginaries-school-of-the-art-institute-of-chicago.pdf
    • http://www.gorillawalker.com/adlestrop-an-anthology.pdf
    • http://www.gorillawalker.com/acne-quick-natural-remedies-kindle-edition.pdf
    • http://www.gorillawalker.com/labor-economics-introduction-to-classic-and-the-new-labor-economics.pdf
    • http://www.gorillawalker.com/burning-sands-my-brothers-keeper-volume-1-my-brothers-keeper.pdf
    • http://www.gorillawalker.com/16-waltzes-op-39-arrangement-for-orchestra-trumpet-1-part.pdf
    • http://www.gorillawalker.com/marvel-colouring-book.pdf
    • http://www.gorillawalker.com/mystique-vol-1-dead-drop-gorgeous-astonishing-x-men.pdf
    • http://www.gorillawalker.com/steven-spielberg-ovations.pdf
    • http://www.gorillawalker.com/weary-life-of-sir-edward-dunlop.pdf
    • http://www.gorillawalker.com/cockatoos-complete-pet-owner-s-manual.pdf
    • http://www.gorillawalker.com/han-wei-liu-chao-fu-lun-ji-mandarin-chinese-edition.pdf
    • http://www.gorillawalker.com/router-jigs-techniques.pdf
    • http://www.gorillawalker.com/word-freak-heartbreak-triumph-genius-and-obsession-in-the-world.pdf
    • http://www.gorillawalker.com/the-old-man-and-the-sea-paperback.pdf
    • http://www.gorillawalker.com/contr
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/