Malicious PDF — malware analysis report

Static analysis result for SHA-256 53da872079e9cc51…

MALICIOUS

PDF

44.6 KB Created: 2018-11-23 21:03:25 +03:00 Authoring application: PSCRIPT.DRV Version 4.0 (via Acrobat Distiller 3.02)
MD5: f83ebeb1fc90faf891b22f8bd2c8c944 SHA-1: a8e424afe425382d863efdd852a990a2fe0201ee SHA-256: 53da872079e9cc51115b8acd677ebf83dd578ad708603b56ee26690e0ecb4c98
Risk score: 92

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File; T1059.001 Command and Scripting Interpreter: PowerShell

Multiple engines flagged the file: ClamAV matches it against the signature Pdf.Dropper.Agent-7261088-0, and the Nyx PDF classifier scores it 0.9171. The PDF_URI heuristic shows that the document carries external /URI link actions, and every URL extracted from the document body points at a single host, www.gorillawalker.com, with paths named like .pdf downloads. That is consistent with the dropper classification: the document's role is to get the reader to fetch a second-stage file from that host, which may be a further PDF or something else served under a .pdf name. The remaining URLs (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP and PDF/A namespace identifiers from the metadata stream and are not indicators. The likely delivery chain is therefore a user opening or downloading the PDF and then following one of its links. Nothing in the static findings shows script content, so the PowerShell mapping above is not supported by the listed heuristics. Note also that the producer metadata (PSCRIPT.DRV 4.0 via Acrobat Distiller 3.02) describes a 1990s toolchain while the creation timestamp is 2018-11-23; producer strings are trivially forged and should not be used to date or attribute the file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7261088-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7261088-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/coal-in-brazil-to-2015-market-profile-download-pdf-digital.pdf
    • http://www.gorillawalker.com/the-top-ten-battles-that-changed-the-world.pdf
    • http://www.gorillawalker.com/clockwiser-book-2-in-the-clockwise-series-volume-2.pdf
    • http://www.gorillawalker.com/culturing-interface-identity-communication-and-chinese-transnationalism-critical-intercultural-communication.pdf
    • http://www.gorillawalker.com/escape-from-saigon-how-a-vietnam-war-orphan-became-an.pdf
    • http://www.gorillawalker.com/the-african-epic-controversy.pdf
    • http://www.gorillawalker.com/piglets-don-t-watch-television-abby-and-tess-pet-sitters.pdf
    • http://www.gorillawalker.com/faure-quatour-op-45-in-g-minor-for-violin-viola.pdf
    • http://www.gorillawalker.com/delhi-agra-and-jaipur-odyssey-guides-our-world-in-colour.pdf
    • http://www.gorillawalker.com/a-year-of-miracles-daily-devotions-and-reflections.pdf
    • http://www.gorillawalker.com/trumpet-basics-a-method-for-individual-and-group-learning-book.pdf
    • http://www.gorillawalker.com/international-development-issues-and-challenges-second-edition.pdf
    • http://www.gorillawalker.com/artificial-gemstones.pdf
    • http://www.gorillawalker.com/spanish-english-read-understand-science-grades-4-6-spanish-edition.pdf
    • http://www.gorillawalker.com/powder-river-season-five-a-radio-dramatization-colonial-radio-theatre.pdf
    • http://www.gorillawalker.com/shit-new-york-snapshots-of-the-city-that-never-sleeps.pdf
    • http://www.gorillawalker.com/neale-s-disorders-of-the-foot-8e-neale-s-disorders.pdf
    • http://www.gorillawalker.com/dual-nationality-social-rights-and-federal-citizenship-in-the-u.pdf
    • http://www.gorillawalker.com/essential-laboratory-skills-for-biosciences.pdf
    • http://www.gorillawalker.com/eugene-o-neill-bloom-s-major-dramatists.pdf
    • http://www.gorillawalker.com/the-classic-and-contemporary-recipes-of-yves-thuries-modern-french.pdf
    • http://www.gorillawalker.com/rick-steves-tour-athens-acropolis-acropolis-museum.pdf
    • http://www.gorillawalker.com/leica-manual-and-data-manual.pdf
    • http://www.gorillawalker.com/worse-than-a-monolith-alliance-politics-and-problems-of-coercive.pdf
    • http://www.gorillawalker.com/clans-and-tartans-map-of-scotland-collins-pictorial-maps.pdf
    • http://www.gorillawalker.com/elijah-s-ultimate-guide-to-tokyo-disneyland-park-2015-elijah.pdf
    • http://www.gorillawalker.com/financial-fitness-21-easy-exercises-to-get-your-personal-finances.pdf
    • http://www.gorillawalker.com/courage-et-damnation-emmanuelle-boreau-french-edition.pdf
    • http://www.gorillawalker.com/improving-odds-to-win-the-lottery-all-lotteries-are-biased.pdf
    • http://www.gorillawalker.com/handbook-of-radioactive-contamination-and-decontamination-studies-in-environmental-science.pdf
    • http://www.gorillawalker.com/the-nutribullet-healing-recipe-book-200-health-boosting-nutritious-and.pdf
    • http://www.gorillawalker.com/a-youth-worker-s-commentary-on-john-vol-2-volume.pdf
    • http://www.gorillawalker.com/wage-levels-and-inequality-measuring-and-interpreting-the-trends-aei.pdf
    • http://www.gorillawalker.com/animal-exercises-animal-lullabies-s.pdf
    • http://www.gorillawalker.com/grand-times-special-memories-with-your-grandkids-marianne-richmond.pdf
    • http://www.gorillawalker.com/homoepathic-manual-of-obstetrics-or-a-treatise-on-the-aid.pdf
    • http://www.gorillawalker.com/fundamentals-of-mos-digital-integrated-circuits-addison-wesley-series-in.pdf
    • http://www.gorillawalker.com/chocolate-mousse-with-chipotle-and-lime-a-single-recipe-step.pdf
    • http://www.gorillawalker.com/bookmarks-a-guide-to-research-and-writing-2nd-edition.pdf
    • http://www.gorillawalker.com/compendium-of-seashells-a-color-guide-to-more-than-4.pdf
    • http://www.gorillawalker
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
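The per-URL channel labelling that the EMBEDDED_URL heuristic describes (a /URI link action versus a namespace declaration in the XMP metadata stream) can be reproduced offline. The following is an added example written for this page, not the analysis platform's own code; it uses only the Python standard library, and both input documents are constructed samples rather than the analysed file. The hosts www.example.invalid, the /OpenAction obfuscation and the hex-encoded URI are illustrative assumptions.

```python
"""Label each URL pulled from a PDF by the channel that carries it.

Constructed helper (stdlib only): a regex scan over the raw bytes, so it does
not see inside compressed (FlateDecode) object streams; inflate those first
with a PDF parser before scanning. Names are #xx-decoded only for the keyword
count, so a URL such as .../ns#ab is not mangled during extraction.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# pdfid-style keywords whose presence makes a PDF worth a closer look.
ACTIVE_KEYWORDS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                   b"/EmbeddedFile", b"/RichMedia", b"/URI")

_URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)  # /URI (...)
_URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")                     # /URI <hex>
_XMLNS = re.compile(rb'xmlns(?::[\w.-]+)?\s*=\s*"([^"]+)"')              # XMP schemas
_GENERIC = re.compile(rb'https?://[^\s<>"\'()\\]+')                      # anything else
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}


def decode_names(data: bytes) -> bytes:
    """Resolve #xx escapes so an obfuscated /Open#41ction still counts as /OpenAction."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def unescape_literal(s: bytes) -> bytes:
    """Undo literal-string escapes (\\( \\) \\\\ \\n ... and octal \\ddd) in one pass."""
    def repl(m):
        g = m.group(1)
        if g[:1] in b"01234567":
            return bytes([int(g, 8) & 0xFF])
        return _ESC.get(g, g)
    return re.sub(rb"\\([0-7]{1,3}|.)", repl, s, flags=re.DOTALL)


def triage_urls(pdf: bytes) -> dict:
    """Return URLs tagged by channel, active-content keyword counts and per-host totals."""
    masked = bytearray(pdf)   # specific hits are blanked so the generic scan cannot re-find them
    found = []                # (url, channel) in document order

    def take(m, url, channel):
        found.append((url.decode("latin-1"), channel))
        masked[m.start():m.end()] = b" " * (m.end() - m.start())

    for m in _URI_LITERAL.finditer(pdf):
        take(m, unescape_literal(m.group(1)), "uri_action")
    for m in _URI_HEX.finditer(pdf):
        h = re.sub(rb"\s+", b"", m.group(1))              # odd-length hex gets a trailing 0
        take(m, bytes.fromhex((h + b"0" * (len(h) % 2)).decode("ascii")), "uri_action")
    for m in _XMLNS.finditer(pdf):
        take(m, m.group(1), "xmp_namespace")
    for m in _GENERIC.finditer(bytes(masked)):
        take(m, m.group(0), "document_body")

    decoded = decode_names(pdf)
    keywords = {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", decoded))
                for k in ACTIVE_KEYWORDS}
    hosts = Counter(urlsplit(u).hostname or "" for u, ch in found if ch != "xmp_namespace")
    return {"urls": found, "keywords": keywords, "hosts": dict(hosts)}


def actionable(result: dict) -> list:
    """URLs a reader or the viewer could actually reach; schema identifiers are dropped."""
    return [u for u, ch in result["urls"] if ch != "xmp_namespace"]


# Constructed samples (not the analysed file): SAMPLE_LINK has a clickable /Link
# annotation with escaped parentheses in its /URI plus an XMP stream declaring
# the same namespaces the report lists; SAMPLE_OBF hides the URI in a hex string
# and the /OpenAction key behind a #41 name escape. Neither is a conforming PDF
# (no xref, no stream lengths); the scanner does not need one.
SAMPLE_LINK = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]
  /A << /S /URI /URI (http://www.example.invalid/report\\(2018\\).pdf) >> >> endobj
5 0 obj << /Type /Metadata /Subtype /XML >>
stream
<x:xmpmeta xmlns:x="adobe:ns:meta/">
 <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/"
                   xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>
 </rdf:RDF>
</x:xmpmeta>
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

SAMPLE_OBF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Open#41ction 2 0 R >> endobj
2 0 obj << /S /URI /URI <687474703A2F2F7777772E6578616D706C652E696E76616C6964
                        2F64726F702E657865> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for name, sample in (("link", SAMPLE_LINK), ("obfuscated", SAMPLE_OBF)):
        r = triage_urls(sample)
        print(name, r["keywords"], r["hosts"])
        for url, channel in r["urls"]:
            print("  ", channel.ljust(13), url)
```

Run against a real sample, the hosts counter collapses a long URL list like the one above to its one real IOC (the single host that every clickable link points at), while the namespace URLs fall out of the actionable set. The keyword counts are the quick check for channels the report did not flag here, such as /JavaScript or /OpenAction; a non-zero count, or a hit found only after #xx name decoding, is a reason to take the document apart object by object rather than trusting the link list alone.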