Malicious PDF — malware analysis report

Static analysis result for SHA-256 a15bac0b1a2891d8…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-15 08:09:44 +03:00
Authoring application: Adobe InDesign CS3 (5.0.2) (via Adobe PDF Library 8.0)
MD5: 0ab28a1a2a0d914385bdf9efcfb365ba
SHA-1: 058626a6af35f8af02765d290b8a89abab48aae6
SHA-256: a15bac0b1a2891d864e5b96888aa51c45106621930156ae3ca58ed4271123b5d
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The PDF was flagged by multiple heuristics, including a critical ClamAV detection for Pdf.Dropper.Agent-7146522-0 and an ML classifier verdict of malicious. An embedded URI points to a suspicious PDF file, suggesting dropper functionality. The document body was heavily obfuscated and did not provide clear textual lures.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7146522-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7146522-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.