Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d455778e652dc9c…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-15 19:33:29 +03:00
Authoring application: Adobe Illustrator CS3 (via Adobe PDF library 8.00)
MD5: de4785fa4a56d6f70b62ff8c04bf1f63
SHA-1: 94087ce9eea99b777c6972fac92626845f50cf18
SHA-256: 8d455778e652dc9c32887fab152f5822cec8144a8a53c2c4253af1b5bb3692fa
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF document that contains multiple embedded URIs pointing to other PDF files. The ClamAV detection 'Pdf.Dropper.Agent-7281136-0' and the ML classifier strongly indicate malicious intent. The embedded URLs likely serve as a lure to download further malicious content, such as additional PDFs or executables, which is a common dropper technique.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7281136-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7281136-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.