Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f2679f8f73ecd27…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2019-01-29 01:54:11 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.0)
MD5: 75986ed94b3d3ee08fcd561755870380
SHA-1: 2ca00d2cfd061d1260683202475dbc9224c0ced4
SHA-256: 9f2679f8f73ecd272d173ee2dc4123a80997f1def4cd00a56c593439bcfa1810
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged as malicious by both a machine learning classifier and ClamAV. It contains embedded URIs pointing to external PDF files, suggesting dropper or downloader functionality. The primary IOC is the first embedded URI, which is likely the initial stage of the attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7287593-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7287593-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/aa-citypack-new-york-aa-citypack-guides.pdf