Malicious PDF — malware analysis report

Static analysis result for SHA-256 874530533f601971…

MALICIOUS

PDF

14.9 KB
Created: 2020-03-18 21:51:59 +00:00
Authoring application: mPDF 5.7
MD5: 7ba9ff0f287fd663584cb911cdd1ffc6
SHA-1: 1b5bb164c4084f0f2dd0eea8376607f851df4a2d
SHA-256: 874530533f6019719ebe8538aa0a58a4151c9e3567392ed08431f60adbfe63a0
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as a malicious PDF dropper by ClamAV and an ML classifier. It contains numerous embedded URLs that are presented as book titles, likely to trick users into downloading malicious content. The presence of these URLs suggests an attempt to deliver a second-stage payload, aligning with the T1059.007 (JavaScript) technique due to the PDF's nature, and T1566.001 (Spearphishing Attachment) as the likely initial access vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7674338-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7674338-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.