Malicious PDF — malware analysis report

Static analysis result for SHA-256 55ad499c84749680…

MALICIOUS

PDF

45.2 KB Created: 2018-11-14 08:27:35 +03:00 Authoring application: - (via Adobe Acrobat 10.0 Paper Capture Plug-in)
MD5: 37844e47024d5c0dc7f8ce1e7a189307 SHA-1: 0e5277ddb80c9df68020ca04b0ff0aa02922d0e2 SHA-256: 55ad499c847496802034a397639a1dbf008abdf689ca432554c4dc55d1b8de02
92 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1059.001 PowerShell

The file was detected as malicious by ClamAV with the signature Pdf.Dropper.Agent-7532695-0, and a machine learning classifier also flagged it. The PDF contains an embedded URI pointing to an external resource, suggesting it is intended to download and execute a secondary payload. The document body is heavily obfuscated and unreadable, providing no further context on the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7532695-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7532695-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/how-to-live-at-the-beach.pdf
    • http://www.gorillawalker.com/the-holy-word-for-morning-revival-crystallization-study-of-exodus.pdf
    • http://www.gorillawalker.com/the-land-of-dreams-minnesota-trilogy.pdf
    • http://www.gorillawalker.com/sacrifice-a-celtic-adventure.pdf
    • http://www.gorillawalker.com/taka-3-la-femme-fatale-publishing-kindle-edition.pdf
    • http://www.gorillawalker.com/an-introduction-to-generalized-linear-models-first-edition-chapman-hall.pdf
    • http://www.gorillawalker.com/comparing-public-sector-reform-in-britain-and-germany.pdf
    • http://www.gorillawalker.com/trollope-an-autobiography-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/liturgical-subjects-christian-ritual-biblical-narrative-and-the-formation-of.pdf
    • http://www.gorillawalker.com/composite-landscapes-photomontage-and-landscape-architecture-hardcover.pdf
    • http://www.gorillawalker.com/the-samosa-cookbook-30-crispy-and-crunchy-samosa-recipes.pdf
    • http://www.gorillawalker.com/the-philosophical-challenge-from-china.pdf
    • http://www.gorillawalker.com/cameron-s-turtle-friend-cameron-s-animal-friends-volume-1.pdf
    • http://www.gorillawalker.com/local-government-kids-guide-to-government.pdf
    • http://www.gorillawalker.com/international-political-economy-in-the-21st-century-contemporary-issues-and.pdf
    • http://www.gorillawalker.com/quick-easy-japanese-recipes-kindle-edition.pdf
    • http://www.gorillawalker.com/antojos-tentaciones-dulces-y-saladas-fancy-temptations-sweets-and-salads.pdf
    • http://www.gorillawalker.com/pilbeam-s-mechanical-ventilation-pageburst-e-book-on-kno-retail.pdf
    • http://www.gorillawalker.com/third-eye-awakening-spiritual-awaking-how-to-open-your-third.pdf
    • http://www.gorillawalker.com/do-you-talk-funny-7-comedy-habits-to-become-a.pdf
    • http://www.gorillawalker.com/masyu-mixed-grids-deluxe-easy-to-hard-volume-6-474.pdf
    • http://www.gorillawalker.com/manual-of-allergy-and-immunology.pdf
    • http://www.gorillawalker.com/abortion-before-birth-control-the-politics-of-reproduction-in-postwar.pdf
    • http://www.gorillawalker.com/keeping-quail-a-guide-to-domestic-and-commercial-management.pdf
    • http://www.gorillawalker.com/american-indians-in-u-s-history-the-civilization-of-the.pdf
    • http://www.gorillawalker.com/warwick-the-kingmaker.pdf
    • http://www.gorillawalker.com/calcutta-kolkata-india-99-tips-for-tourists-backpackers-kindle-edition.pdf
    • http://www.gorillawalker.com/how-to-start-your-own-successful-insurance-agency.pdf
    • http://www.gorillawalker.com/cuando-la-cuna-esta-vacia-respuestas-a-preguntas-deficiles-sobre.pdf
    • http://www.gorillawalker.com/international-education-aid-in-developing-asia-policies-and-practices.pdf
    • http://www.gorillawalker.com/grandma-doralee-patinkin-s-holiday-cookbook-a-jewish-family-s.pdf
    • http://www.gorillawalker.com/ultimate-guide-to-weight-training-for-swimming-ultimate-gt-weight.pdf
    • http://www.gorillawalker.com/fatal-opinions.pdf
    • http://www.gorillawalker.com/fuzzy-memories.pdf
    • http://www.gorillawalker.com/instead-of-education-ways-to-help-people-do-things-better.pdf
    • http://www.gorillawalker.com/the-hunley-story-journey-of-a-confederate-submarine.pdf
    • http://www.gorillawalker.com/trading-on-expectations-strategies-to-pinpoint-trading-ranges-trends-and.pdf
    • http://www.gorillawalker.com/vector-methods-applied-to-differential-geometry-mechanics-and-potential-theory.pdf
    • http://www.gorillawalker.com/antitrust-law-major-briefs-and-oral-arguments-of-the-supreme.pdf
    • http://www.gorillawalker.com/doing-the-rights-thing-rights-based-development-and-latin-american.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.