Malicious PDF — malware analysis report

Static analysis result for SHA-256 a7289916ea9cdf84…

MALICIOUS

PDF

41.9 KB
Created: 2019-01-06 08:02:25 +03:00
Authoring application: Word (via Mac OS X 10.10.5 Quartz PDFContext)
MD5: ccebddf35d80e8a1560935c14af68023
SHA-1: 2c6538657914feaebfcb3082420b85c5f93f7e60
SHA-256: a7289916ea9cdf841df216c3e9aac310bd5cbdc99e0a227615e939b6863f145a
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The PDF contains multiple embedded URLs pointing to PDF documents on the same domain, suggesting a dropper or downloader functionality. The presence of these external links is the primary indicator of malicious activity, likely intended to lead the user to download and open further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7142698-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142698-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.