Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5ad53bee2e7ebdf…

MALICIOUS

PDF

  • 17.7 KB
  • Created: 2019-05-03 18:55:59 +01:00
  • Authoring application: mPDF 5.7
  • MD5: 083851197a446b2305a6b77759e3d575
  • SHA-1: ec4605960f8af85026371093d72295d67ff16429
  • SHA-256: a5ad53bee2e7ebdf5b76118076c9c43863e2061033031e7b33998367ed853800
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

ClamAV and an ML classifier both identify the file as malicious, and the ClamAV signature classifies it as Pdf.Dropper.Agent. The embedded URLs suggest the PDF is a lure, likely intended to trick users into downloading a second-stage payload. The document body, though partially corrupted, contains these URLs, which reinforces the dropper assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-9609926-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9609926-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.