Malicious PDF — malware analysis report

Static analysis result for SHA-256 840f5c1a0e37dd32…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2019-03-17 10:25:13 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: a315412df35bd1a6edf5f3beacd8aba2
SHA-1: 8016c0d1426194e5847d0946619d24f69a47d5de
SHA-256: 840f5c1a0e37dd329e7a8ca817eef3874abef11cb813509d393a8aa4d4520ca3
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF document flagged by ClamAV as Pdf.Dropper.Agent-7145036-0 and by a machine learning classifier. It contains an embedded URI action pointing to an external PDF file, suggesting dropper or downloader functionality. The document body is heavily obfuscated and provides no clear textual lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8822

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7145036-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7145036-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/abraham-or-aristotle-first-millennium-empires-and-exegetical-traditions-an.pdf
    • http://www.gorillawalker.com/aceee-summer-study-on-energy-efficienct-in-buildings-effeciency-and.pdf
    • http://www.gorillawalker.com/desobedientes-de-chiapas-a-madrid-spanish-edition.pdf
    • http://www.gorillawalker.com/making-and-writing-words-grades-3-6-four-blocks-literacy.pdf
    • http://www.gorillawalker.com/black-and-human-rediscovering-king-as-a-resource-for-black.pdf
    • http://www.gorillawalker.com/tuner-cars-full-throttle.pdf
    • http://www.gorillawalker.com/i-took-my-frog-to-the-library-picture-puffins.pdf
    • http://www.gorillawalker.com/children-s-book-bruce-the-moose-jenny-bedtime-story-beginner.pdf
    • http://www.gorillawalker.com/super-6-comprehension-strategies-35-lessons-and-more-for-reading.pdf
    • http://www.gorillawalker.com/war-for-lebanon-1970-83.pdf
    • http://www.gorillawalker.com/ocr-as-music-revision-guide.pdf
    • http://www.gorillawalker.com/how-to-build-the-catspaw-dinghy-a-boat-for-oar.pdf
    • http://www.gorillawalker.com/binary-puzzles-14x14-medium-volume-9-276-puzzles.pdf
    • http://www.gorillawalker.com/pedro-and-me-friendship-loss-and-what-i-learned.pdf
    • http://www.gorillawalker.com/the-holy-spirit-in-african-christianity-an-empirical-study-paternoster.pdf
    • http://www.gorillawalker.com/laboratory-manual-for-microelectronic-circuits.pdf
    • http://www.gorillawalker.com/sonata-no-1-in-f-tuba.pdf
    • http://www.gorillawalker.com/romanian-mountains-map.pdf
    • http://www.gorillawalker.com/the-corporate-athlete-how-to-achieve-maximal-performance-in-business.pdf
    • http://www.gorillawalker.com/laubach-way-to-reading-teacher-s-manual-for-skill-book.pdf
    • http://www.gorillawalker.com/fresh-horses.pdf
    • http://www.gorillawalker.com/martin-chambi-1920-1950.pdf
    • http://www.gorillawalker.com/practice-assess-diagnose-180-days-of-reading-for-fourth-grade.pdf
    • http://www.gorillawalker.com/the-great-psychedelic-discography-music-v-1.pdf
    • http://www.gorillawalker.com/vintage-cocktails-retro-recipes-for-the-home-mixologist.pdf
    • http://www.gorillawalker.com/carpentry-and-joinery-volume-2-second-edition.pdf
    • http://www.gorillawalker.com/crooked-road-straight-the-awakening-of-aids-activist-linda-jordan.pdf
    • http://www.gorillawalker.com/jammeh-the-nation-builder-a-testament-of-president-jammeh-s.pdf
    • http://www.gorillawalker.com/literary-disruptions-the-making-of-a-post-contemporary-american-fiction.pdf
    • http://www.gorillawalker.com/linear-algebraic-groups-mathematics-lecture-note-series.pdf
    • http://www.gorillawalker.com/low-carb-juices-and-smoothies-50-healthy-delicious-recipes.pdf
    • http://www.gorillawalker.com/theory-in-contemporary-art-since-1985.pdf
    • http://www.gorillawalker.com/catching-alicka-other-world-2-siren-publishing-classic-kindle-edition.pdf
    • http://www.gorillawalker.com/financial-management-for-nurse-managers-and-executives-pageburst-e-book.pdf
    • http://www.gorillawalker.com/the-quintessential-wedding-guide-maid-of-honor.pdf
    • http://www.gorillawalker.com/texes-physics-mathematics-7-12-243.pdf
    • http://www.gorillawalker.com/economics-for-helen.pdf
    • http://www.gorillawalker.com/deeds-of-violence-in-greek-tragedy.pdf
    • http://www.gorillawalker.com/employee-retention-solving-the-healthcare-crisis-ache-management.pdf
    • http://www.gorillawalker.com/vitiello-s-criminal-procedure-simulations-bridge-to-practice.pdf
    • http://www.gorillawalker.com/desobedientes-de-chiapas-a-madrid-spanish-editi
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/