Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a82f7774d0cc89e…

MALICIOUS

PDF

Size: 47.8 KB
Created: 2018-12-02 10:54:52 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
MD5: 119a7873ba8eab9bfd67f65dfe0e1a66
SHA-1: 9cbea969a0483ecaa76d058c47db6ce4ae9196a8
SHA-256: 7a82f7774d0cc89eb11f8f72d8714c136dffeb48bbf03090964d2423c240e3d7
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is a PDF document that contains multiple embedded URLs pointing to external PDF files. The ClamAV detection 'Pdf.Dropper.Agent-7145804-0' and the ML classifier strongly indicate malicious intent. The embedded URLs suggest a dropper or downloader pattern, where the initial PDF serves as a lure to trick the user into accessing and potentially downloading further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7145804-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7145804-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.