Malicious PDF — malware analysis report

Static analysis result for SHA-256 a15528d649fdc503…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-11-15 05:55:09 +03:00
Authoring application: Acrobat PDFMaker 7.0 для Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: a18795d177002e720e2212255cccf3b5
SHA-1: 8d9b18774908855b07649a29b226e453af12f563
SHA-256: a15528d649fdc50328a1e452454e0749b2086ab156baaf646be8156cd1507307
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF document that contains multiple external URLs. The ClamAV detection 'Pdf.Dropper.Agent-7288425-0' and the ML classifier strongly indicate malicious intent. The presence of embedded URLs, specifically pointing to other PDF files on the same domain, suggests a lure to download further malicious content. No scripts were extracted, but the PDF structure itself is indicative of a dropper or downloader.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7288425-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7288425-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.