Malicious PDF — malware analysis report

Static analysis result for SHA-256 88ce91dd24a1fb89…

MALICIOUS

PDF

16.0 KB
Created: 2020-03-15 22:13:25 +00:00
Authoring application: mPDF 5.7
MD5: a23d1e1c6061a8478ca843f8b97c959e
SHA-1: 5791025cc45ef6ef75d2242d64cf186ce6248159
SHA-256: 88ce91dd24a1fb89a84168dba288513babc216d4ce4173dd8106be33e2aa5a06
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

This PDF was flagged by ClamAV as Pdf.Dropper.Agent and by an ML classifier as malicious. It contains multiple embedded URLs pointing to external PDF files, which suggests dropper functionality. Its primary function appears to be redirecting the user to download additional malicious content from the listed URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9811

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-9600844-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9600844-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.