Malicious PDF — malware analysis report

Static analysis result for SHA-256 9961899435a7d68d…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2018-12-14 20:22:11 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: dcd309e1745cb0448fbcae47a1fa01cd
SHA-1: 77a497025b0f260148bfa4f969394c4ad1a7a960
SHA-256: 9961899435a7d68dfbdc32881b93e5ea8ef0796c78d508a094801fc393d881a5
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is identified as malicious by ClamAV and an ML classifier, indicating it's a PDF dropper. The document body contains numerous embedded URLs, all pointing to the same domain, suggesting a phishing or credential harvesting attempt. No scripts were extracted, so the exact payload delivery mechanism beyond the URLs is not discernible from this analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7142889-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142889-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.