Malicious PDF — malware analysis report

Static analysis result for SHA-256 8410c4e964073521…

MALICIOUS

PDF

43.6 KB Created: 2018-12-15 20:46:57 +03:00 Authoring application: Adobe InDesign CC 2015 (Macintosh) (via Adobe PDF Library 15.0)
MD5: 2fc874a802105e55d06cd68d5d0339c7 SHA-1: 163009455c8014ab79f2f1ce043cb8633cdd4fa4 SHA-256: 8410c4e964073521efcbcb744f287eafc988527e26ab0ab860e57061ba0071e4
92 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is a PDF document that contains embedded URLs. One of these URLs, http://www.gorillawalker.com/the-cult-of-bolivar-in-latin-american-literature.pdf, is flagged as an external URI. The ML classifier and ClamAV detection strongly indicate malicious intent, likely a dropper mechanism attempting to redirect the user to download further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7278300-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7278300-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-cult-of-bolivar-in-latin-american-literature.pdf
    • http://www.gorillawalker.com/juicing-recipes-juice-diet-recipes-for-you-to-lose-weight.pdf
    • http://www.gorillawalker.com/the-silver-bomb-the-end-of-paper-wealth-is-upon.pdf
    • http://www.gorillawalker.com/unconventional-means.pdf
    • http://www.gorillawalker.com/herod-reflections-on-political-violence-kindle-edition.pdf
    • http://www.gorillawalker.com/questioning-collapse-human-resilience-ecological-vulnerability-and-the-aftermath-of.pdf
    • http://www.gorillawalker.com/flutter-my-blood-approves-book-3.pdf
    • http://www.gorillawalker.com/augustus-the-life-of-rome-s-first-emperor-unabridged-audible.pdf
    • http://www.gorillawalker.com/people-and-wildlife-conflict-or-co-existence-conservation-biology.pdf
    • http://www.gorillawalker.com/the-travel-diary-of-robert-bargrave-levant-merchant-1647-1656.pdf
    • http://www.gorillawalker.com/tracers-in-hydrology-iahs-proceedings-reports.pdf
    • http://www.gorillawalker.com/harry-potter-et-la-chambre-des-secrets-french-edition.pdf
    • http://www.gorillawalker.com/the-math-tutor-a-novel.pdf
    • http://www.gorillawalker.com/pikmin-prima-official-game-guide-prima-official-game-guides.pdf
    • http://www.gorillawalker.com/standards-for-blood-banks-and-transfusion-services-28th-edition.pdf
    • http://www.gorillawalker.com/financial-peace-dumping-debt-plus-cash-flow-planning.pdf
    • http://www.gorillawalker.com/automotive-science-and-mathematics.pdf
    • http://www.gorillawalker.com/the-lost-cause-the-standard-southern-history-of-the-war.pdf
    • http://www.gorillawalker.com/250-pieces-of-haiku.pdf
    • http://www.gorillawalker.com/the-divide-book-1-uprising.pdf
    • http://www.gorillawalker.com/the-miner-s-a-z-unofficial-compendium-for-minecraft-combat.pdf
    • http://www.gorillawalker.com/captains-of-crush-grippers-what-they-are-and-how-to.pdf
    • http://www.gorillawalker.com/mummies-ancient-egyptian-mysteries-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/weathering-and-durability-in-landscape-architecture-fundamentals-practices-and-case.pdf
    • http://www.gorillawalker.com/insects-spiders-and-other-terrestrial-arthropods-smithsonian-handbooks-smithsonian-handbooks.pdf
    • http://www.gorillawalker.com/antifragile-things-that-gain-from-disorder-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/advanced-lithium-ion-batteries-recent-trends-and-perspectives-new-materials.pdf
    • http://www.gorillawalker.com/submarines-modern-military-techniques.pdf
    • http://www.gorillawalker.com/cultural-policy-and-arts-management-korean-edition.pdf
    • http://www.gorillawalker.com/radiohead-the-stories-behind-every-song-stories-behind-the-songs.pdf
    • http://www.gorillawalker.com/the-life-of-jesus-christ-and-biblical-revelations-from-the.pdf
    • http://www.gorillawalker.com/knowing-the-enemy-jihadist-ideology-and-the-war-on-terror.pdf
    • http://www.gorillawalker.com/la-lagartija-y-el-sol-the-lizard-and-the-sun.pdf
    • http://www.gorillawalker.com/isdn-and-broadband-isdn-hardcover.pdf
    • http://www.gorillawalker.com/three-dialogues-between-hylas-philonous.pdf
    • http://www.gorillawalker.com/homme-rapaille-poesie-gallimard-french-edition.pdf
    • http://www.gorillawalker.com/365-trout-flies-patterns-and-recipes-for-a-year-of.pdf
    • http://www.gorillawalker.com/aromatherapy-quickstudy-health.pdf
    • http://www.gorillawalker.com/multiple-imputation-and-its-application.pdf
    • http://www.gorillawalker.com/the-best-ever-book-of-mailman-jokes-lots-and-lots.pdf
    • http://www.gorillawalker.com/quest
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.