Malicious PDF — malware analysis report

Static analysis result for SHA-256 8bb8a4a150258337…

MALICIOUS

PDF

16.9 KB
Created: 2019-05-01 05:53:38 +01:00
Authoring application: mPDF 5.7
MD5: a1236dfe224ced5f9fdaf9dd9c34221c
SHA-1: fbe78ca67305accebad628f018671a27029d34f6
SHA-256: 8bb8a4a1502583377cf686161d0a13256e2e7a87f74ff5305b05b6fbd9589646
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file was detected as a malicious PDF dropper by ClamAV and flagged by an ML classifier. The document body contains numerous embedded URLs that point to external resources, suggesting a delivery mechanism for further malicious content. While the specific intent of the embedded URLs is unclear due to their benign reputation labels, the overall structure and detection results indicate a malicious dropper.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7426686-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7426686-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.