Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a8d86f0ef8e051c…

MALICIOUS

PDF

Size: 17.6 KB
Created: 2019-05-02 18:19:51 +01:00
Authoring application: mPDF 5.7
MD5: c6a6df4268d048d4df4afcc46f4483a5
SHA-1: 786c319c39aacaedbfc9555462afb190a1ac3e8d
SHA-256: 7a8d86f0ef8e051c82641b11a67ef8a8992c30b2590dd82fed87ce2e1134df0e
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file is a PDF that contains multiple embedded URLs pointing to a suspicious domain, suggesting it is a dropper. The ClamAV detection as 'Pdf.Dropper.Agent-7185060-0' and the ML classifier output strongly indicate malicious intent. The embedded URLs are likely used to download a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7185060-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7185060-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.