Malicious PDF — malware analysis report

Static analysis result for SHA-256 565476beca1ad7d7…

MALICIOUS

PDF

44.9 KB Created: 2018-11-23 08:08:42 +03:00 Authoring application: Adobe InDesign CS2_J (4.0.5) (via Adobe PDF Library 7.0)
MD5: f267bb2c00bfad308593e0619aa8fcd0 SHA-1: 0095e3a8363e4f92f6f2c27aa2a1ebfa13942cb2 SHA-256: 565476beca1ad7d7f1e618e150f839f53917e2d1871ef0409e0c2c64ebb6704c
92 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV with the signature Pdf.Dropper.Agent-7262067-0. Static analysis identified multiple embedded URLs pointing to external PDF files, suggesting a dropper or downloader functionality. The ML classifier also flagged the PDF as malicious with a high probability. The presence of these URLs indicates an attempt to redirect the user to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8822

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7262067-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7262067-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/feminizing-her-bosses-kindle-edition.pdf
    • http://www.gorillawalker.com/veganomics-the-surprising-science-on-what-motivates-vegetarians-from-the.pdf
    • http://www.gorillawalker.com/the-rolls-royce-shire-library.pdf
    • http://www.gorillawalker.com/billy-name-the-silver-age-black-and-white-photographs-from.pdf
    • http://www.gorillawalker.com/starbucked-a-double-tall-tale-of-caffeine-commerce-and-culture.pdf
    • http://www.gorillawalker.com/the-art-of-basic-drawing-discover-simple-step-by-step.pdf
    • http://www.gorillawalker.com/the-rhine-europe-s-river-highway-rivers-around-the-world.pdf
    • http://www.gorillawalker.com/c-mo-ser-padre-primerizo-spanish-edition.pdf
    • http://www.gorillawalker.com/501-grammar-and-writing-questions-fast-focused-practice-501-series.pdf
    • http://www.gorillawalker.com/guide-to-moab-ut-backroads-4-wheel-drive-trails-2nd.pdf
    • http://www.gorillawalker.com/nuclei-and-particles-an-introduction-to-nuclear-and-subnuclear-physics.pdf
    • http://www.gorillawalker.com/evolutionary-ecology-of-neotropical-freshwater-fishes-developments-in-environmental-biology.pdf
    • http://www.gorillawalker.com/old-bridgeton-and-calton.pdf
    • http://www.gorillawalker.com/lectures-of-lola-montez-countess-of-landsfeld-including-her-autobiography.pdf
    • http://www.gorillawalker.com/sittin-in-with-the-big-band-vol-2-b-flat.pdf
    • http://www.gorillawalker.com/de-revolutionibus-orbium-coelestium-latin-and-english-edition.pdf
    • http://www.gorillawalker.com/old-time-radio-s-greatest-shows-worldwatch-paper.pdf
    • http://www.gorillawalker.com/bible-big-books-david-prince-jonathan.pdf
    • http://www.gorillawalker.com/laws-of-barbados-volume-3-no-38.pdf
    • http://www.gorillawalker.com/the-sermons-of-john-wesley-a-collection-for-the-christian.pdf
    • http://www.gorillawalker.com/toto-piano-vocal-guitar-piano-anthology.pdf
    • http://www.gorillawalker.com/celestial-objects-for-common-telescopes-volume-2.pdf
    • http://www.gorillawalker.com/baron-kaneko-and-the-russo-japanese-war-1904-05-a.pdf
    • http://www.gorillawalker.com/criminal-law.pdf
    • http://www.gorillawalker.com/bls-for-healthcare-providers-instructor-manual.pdf
    • http://www.gorillawalker.com/the-scent-of-dried-roses-our-family-and-the-end.pdf
    • http://www.gorillawalker.com/prentice-hall-chemistry-virtual-chem-lab-single-user-license-2005c.pdf
    • http://www.gorillawalker.com/home-in-time-for-dinner.pdf
    • http://www.gorillawalker.com/information-security-fundamentals.pdf
    • http://www.gorillawalker.com/anne-geddes-2015-slimline-calendar-under-the-sea.pdf
    • http://www.gorillawalker.com/steck-vaughn-strategies-for-success-student-edition-level-h-writing.pdf
    • http://www.gorillawalker.com/the-lean-3p-advantage-a-practitioner-s-guide-to-the.pdf
    • http://www.gorillawalker.com/information-technology-auditing-an-evolving-agenda.pdf
    • http://www.gorillawalker.com/a-second-chance-at-love-2-when-it-rains-it.pdf
    • http://www.gorillawalker.com/chinese-made-easy-textbook-2-with-cd-traditional-2nd-edition.pdf
    • http://www.gorillawalker.com/livingstone-s-travels-and-explorations-in-south-africa.pdf
    • http://www.gorillawalker.com/the-universal-social-safety-net-and-the-attack-on-world.pdf
    • http://www.gorillawalker.com/essentials-of-oceanography-5th-fifth-edition-authors-garrison-tom-s.pdf
    • http://www.gorillawalker.com/the-adventures-of-tom-sawyer-cliffsnotes-collection.pdf
    • http://www.gorillawalker.com/marinai-del-sud-storia-della-marina-confederata-nella-guerra-civile.pdf
    • http://www.gori
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.