Malicious PDF — malware analysis report

Static analysis result for SHA-256 95c954d3a3a493a7…

MALICIOUS

PDF

  • Size: 32.6 KB
  • Created: 2019-09-19 05:44:25 +03:00
  • Authoring application: PScript5.dll Version 5.2.2 (via iText 2.1.7 by 1T3XT)
  • MD5: 329c2491d41208e58e1052aa42447f24
  • SHA-1: 2e4c484eae36944db9ee4512cce6dcdedddaf3c3
  • SHA-256: 95c954d3a3a493a7f213c7dccb8c933a92f22f223a3e6427c7a13bed958c41d2
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains an embedded URI pointing to a suspicious external PDF file. ClamAV detection as 'Pdf.Dropper.Agent-7181157-0' and a high ML classifier score further indicate malicious intent. The primary attack pattern involves redirecting the user to download a secondary malicious document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7181157-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7181157-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.