Malicious PDF — malware analysis report

Static analysis result for SHA-256 97f1201300e864cd…

MALICIOUS

PDF

Size: 33.3 KB
Created: 2019-09-08 11:55:11 +03:00
Authoring application: calibre 0.9.31 [http://calibre-ebook.com]
MD5: 101fe2a760399947d73479697167cbda
SHA-1: 78a9e42c0aceb2b7c52125059948079e0a418efb
SHA-256: 97f1201300e864cdf4893a685ad8aaf7b0070a08f6d236359dc73ea45e315dd7
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains multiple embedded URLs pointing to external PDF files, indicating a likely attempt to deliver further malicious content. The ClamAV detection as 'Pdf.Dropper.Agent-7364331-0' and the ML classifier strongly suggest malicious intent. No scripts were extracted, but the presence of numerous external links is a common technique for malware droppers.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7964

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7364331-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7364331-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.