Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d16a186cde80575…

MALICIOUS

PDF

43.5 KB Created: 2018-12-15 20:55:10 +03:00 Authoring application: pdftk 1.44 - www.pdftk.com (via itext-paulo-155 (itextpdf.sf.net-lowagie.com))
MD5: ded1f119a8d99f93eff9cb7bd677d4bd SHA-1: 43625437c4042fcc2efbcdd0ae596a2dc738a9dd SHA-256: 9d16a186cde805754af1ad738c67f289f7e588ee18a7c63fc533907551786449
92 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains an embedded URI pointing to a suspicious PDF file hosted on 'gorillawalker.com'. This, combined with the ML classifier and ClamAV detection, strongly suggests a malicious dropper. The embedded URL is likely intended to trick the user into downloading and opening a further malicious document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7140448-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140448-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/nailing-security-part-1-a-cute-busty-security-guard-needs.pdf
    • http://www.gorillawalker.com/acoustic-rock-guitar-chord-songbook-6-inch-x-9-inch.pdf
    • http://www.gorillawalker.com/math-matiques-informatique-physique-au-fil-des-tipe-scopos-french.pdf
    • http://www.gorillawalker.com/samson-agonistes.pdf
    • http://www.gorillawalker.com/bundles-of-faith-and-tons-of-fun-easy-activities-prayers.pdf
    • http://www.gorillawalker.com/music-in-aztec-and-inca-territory.pdf
    • http://www.gorillawalker.com/smoothies-smoothies-more-smoothies.pdf
    • http://www.gorillawalker.com/happy-100-tips-to-feel-great.pdf
    • http://www.gorillawalker.com/management-control-and-uncertainty.pdf
    • http://www.gorillawalker.com/integrated-circuit-lm3900-projects.pdf
    • http://www.gorillawalker.com/kenya-travel-pack-globetrotter-travel-packs.pdf
    • http://www.gorillawalker.com/mrs-silver-s-phonics-workbook-1-teacher-s-edition.pdf
    • http://www.gorillawalker.com/microbial-processing-of-metal-sulfides.pdf
    • http://www.gorillawalker.com/all-aboard-bright-ready-bks-for-toddler.pdf
    • http://www.gorillawalker.com/escuela-de-pintura-del-retrato-portrait-painting-school-escuela-de.pdf
    • http://www.gorillawalker.com/the-5-minute-clinical-consult-2012-standard-w-web-access.pdf
    • http://www.gorillawalker.com/globalization-and-development-volume-iii-in-search-of-a-new.pdf
    • http://www.gorillawalker.com/the-art-of-cookery-southover-press-historic-cookery-and-housekeeping.pdf
    • http://www.gorillawalker.com/everything-you-need-to-know-about-being-a-vegetarian-need.pdf
    • http://www.gorillawalker.com/essays-everyman-s-library-classics-contemporary-classics.pdf
    • http://www.gorillawalker.com/lee-elder-the-daring-dream-black-american-athletes.pdf
    • http://www.gorillawalker.com/sign-sing-and-play-fun-signing-activities-for-you-and.pdf
    • http://www.gorillawalker.com/truman-speaks-the-principal-speeches-and-addresses-of-president-harry.pdf
    • http://www.gorillawalker.com/movie-mystery-suspense.pdf
    • http://www.gorillawalker.com/fiscal-disobedience-an-anthropology-of-economic-regulation-in-central-africa.pdf
    • http://www.gorillawalker.com/bebop-classics-jazz-play-along-volume-48.pdf
    • http://www.gorillawalker.com/just-the-good-stuff-plant-rich-fiber-strong-kindle-edition.pdf
    • http://www.gorillawalker.com/ethical-issues-from-the-tacoma-narrows-bridge-collapse-engineering-soundbites.pdf
    • http://www.gorillawalker.com/innovations-in-fuzzy-clustering-theory-and-applications-studies-in-fuzziness.pdf
    • http://www.gorillawalker.com/around-the-world-10th-stage-mexico-english-french-and-spanish.pdf
    • http://www.gorillawalker.com/integration-interrupted-tracking-black-students-and-acting-white-after-brown.pdf
    • http://www.gorillawalker.com/the-searchers-essays-and-reflections-on-john-ford-s-classic.pdf
    • http://www.gorillawalker.com/te-vas-o-te-quedas-historias-para-leer-antes-de.pdf
    • http://www.gorillawalker.com/the-new-poor-lab-s-guide-to-the-regulations.pdf
    • http://www.gorillawalker.com/the-beginnings-of-quakerism.pdf
    • http://www.gorillawalker.com/steck-vaughn-working-with-numbers-student-edition-level-e.pdf
    • http://www.gorillawalker.com/mall-maker-victor-gruen-architect-of-an-american-dream.pdf
    • http://www.gorillawalker.com/company-meetings-law-practice-and-procedure.pdf
    • http://www.gorillawalker.com/aa-explorer-mallorca-aa-explorer-guides.pdf
    • http://www.gorillawalker.com/constitutional-brinksmanship-amending-the-constitution-by-national-convention.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.