Malicious PDF — malware analysis report

Static analysis result for SHA-256 8dddd3bef2bc8f19…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-12-15 20:47:17 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 4.05 for Windows)
MD5: 22565f67ed76a04a6f7ed4f55b8dd1d4
SHA-1: 6a401e9b2d0f790f44a5a5bfb26ef2cebed540ff
SHA-256: 8dddd3bef2bc8f19532062b8a1b3ae51fb13eed0d426db93fdd79e9a9533c8e5
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV with the signature Pdf.Dropper.Agent-7140593-0. Static analysis revealed multiple external URIs pointing to the domain gorillawalker.com, which are likely used to host and deliver a second-stage payload. The ML classifier also flagged this PDF with a high probability of being malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7140593-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140593-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/social-networks-and-health-models-methods-and-applications.pdf
    • http://www.gorillawalker.com/cookbook-101-healthy-vegan-asian-food-quick-easy-vegan-recipes.pdf
    • http://www.gorillawalker.com/massage-therapy-cards-learn-how-to-give-a-full-body.pdf
    • http://www.gorillawalker.com/back-to-the-rough-ground-phronesis-and-techne-in-modern.pdf
    • http://www.gorillawalker.com/green-harms-and-crimes-critical-criminology-in-a-changing-world.pdf
    • http://www.gorillawalker.com/second-nature-brain-science-and-human-knowledge.pdf
    • http://www.gorillawalker.com/the-politics-of-antipolitics-the-military-in-latin-america-latin.pdf
    • http://www.gorillawalker.com/the-last-home-of-mystery-amazing-travels-in-incredible-nepal.pdf
    • http://www.gorillawalker.com/vancouver-the-ultimate-guide.pdf
    • http://www.gorillawalker.com/cult-of-the-will-nervousness-and-german-modernity.pdf
    • http://www.gorillawalker.com/get-into-medical-school-600-ukcat-practice-questions-includes-full.pdf
    • http://www.gorillawalker.com/minds-on-fire-how-role-immersion-games-transform-college.pdf
    • http://www.gorillawalker.com/the-naked-truth-about-hedonism-ii-a-totally-unauthorized-naughty.pdf
    • http://www.gorillawalker.com/statistics-through-applications.pdf
    • http://www.gorillawalker.com/the-rough-guide-to-argentina.pdf
    • http://www.gorillawalker.com/ducks-geese-the-game-fish-mastery-library.pdf
    • http://www.gorillawalker.com/notes-on-some-aspects-of-the-chronic-respiratory-disease-problem.pdf
    • http://www.gorillawalker.com/adding-neurotherapy-to-your-practice-clinician-s-guide-to-the.pdf
    • http://www.gorillawalker.com/sharon-g-flake-collection-the-boxed-set-of-3.pdf
    • http://www.gorillawalker.com/memoirs-of-madness.pdf
    • http://www.gorillawalker.com/chemistry-quantum-mechanics-and-reductionism-perspectives-in-theoretical-chemistry.pdf
    • http://www.gorillawalker.com/rock-a-bye-bride-the-colorado-fosters.pdf
    • http://www.gorillawalker.com/routledge-library-editions-the-english-language-questions-of-intonation-routledge.pdf
    • http://www.gorillawalker.com/on-your-mark-get-set-go-live-the-smart-approach.pdf
    • http://www.gorillawalker.com/canine-nutrigenomics-the-new-science-of-feeding-your-dog-for.pdf
    • http://www.gorillawalker.com/christmas-in-america-images-of-the-holiday-season-by-100.pdf
    • http://www.gorillawalker.com/the-birdwatcher-s-guide-to-hawai-i-kolowalu-books.pdf
    • http://www.gorillawalker.com/devil-s-bargain-a-couple-tested-kindle-edition.pdf
    • http://www.gorillawalker.com/for-the-love-of-aggie.pdf
    • http://www.gorillawalker.com/10-must-reads-interpretation.pdf
    • http://www.gorillawalker.com/how-to-draw-anime-game-characters-vol-3-bringing-daily.pdf
    • http://www.gorillawalker.com/mildred-s-quest-kindle-edition.pdf
    • http://www.gorillawalker.com/n-o-i-r-a-white-paper.pdf
    • http://www.gorillawalker.com/the-10-run-till-you-drop-commandments-a-guide-to.pdf
    • http://www.gorillawalker.com/finding-the-worm-twerp-sequel-kindle-edition.pdf
    • http://www.gorillawalker.com/pedigree-how-elite-students-get-elite-jobs-unabridged-audible-audio.pdf
    • http://www.gorillawalker.com/wildflowers-of-georgia.pdf
    • http://www.gorillawalker.com/in-love-abiding-responding-to-the-dying-and-the-bereaved.pdf
    • http://www.gorillawalker.com/pyramid-games-bernie-madoff-and-his-willing-disciples.pdf
    • http://www.gorillawalker.com/nmr-and-its-applications-to-living-systems-oxford-science-publications.pdf
    • http://www.gorillawalker.com/the-politics-of-antipoliti
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/