Pdf.Dropper.Agent — PDF malware analysis

Static analysis result for SHA-256 572a9088d448b87b…

MALICIOUS

PDF

File size: 15.3 KB
Created: 2020-03-20 14:14:13 +00:00
Authoring application: mPDF 5.7
MD5: ea28afa78d0377663fae7a6dfbb453ab
SHA-1: a09e37fecfdb1a353e1889abed14f72e1d15b0d3
SHA-256: 572a9088d448b87b187f2ad60a65001bb39da6b00265d524911116fad153085f
Risk Score: 92

Malware Insights

Pdf.Dropper.Agent · confidence 95%

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file was detected as malicious by ClamAV and an ML classifier, indicating it's a PDF dropper. The embedded URLs likely serve as the download source for a secondary payload. The document body contains numerous URLs, reinforcing the dropper functionality.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9200

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7693314-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7693314-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.