Malicious PDF — malware analysis report

Static analysis result for SHA-256 5869b00a1e6f3bdd…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-12-15 08:11:56 +03:00
Authoring application: Word 10.0 (via AFPL Ghostscript 8.13)
MD5: 10918937b5a76c99ed1df2f712628391
SHA-1: 939418d17af08f052285258f65ec782cbfad0832
SHA-256: 5869b00a1e6f3bdd64c07eb8e9f781f2e65f64179c0f77029463de8fb7aee0dd
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The PDF contains numerous embedded URLs pointing to external documents, suggesting a lure or redirection mechanism. The presence of PDF_URI and EMBEDDED_URL heuristics further supports this. The primary attack pattern involves leveraging these links to potentially deliver further malicious content or phishing pages to the user.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7262655-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7262655-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.