Malicious PDF — malware analysis report

Static analysis result for SHA-256 ab29c7105762c015…

MALICIOUS

PDF

40.7 KB Created: 2018-11-21 20:52:46 +03:00 Authoring application: - (via Acrobat Distiller 7.0 (Windows))
MD5: abf80094eafe8d64f8eb4f46b1224aef SHA-1: 57cc405c92c0ce4b561e9d407ac74aabc0314950 SHA-256: ab29c7105762c0152cc1de08fbd9f47c85e50d39a9d16534345739adfe33fcd4
92 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file was detected as a malicious PDF dropper by ClamAV and an ML classifier. It contains multiple external URLs pointing to PDF files, suggesting a lure to download further malicious content. The primary attack pattern involves redirecting the user to these external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7291623-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7291623-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/tradition-book-celestial-chorus-op-mage.pdf
    • http://www.gorillawalker.com/wolf-queen.pdf
    • http://www.gorillawalker.com/early-modern-catholics-royalists-and-cosmopolitans-english-transnationalism-and-the.pdf
    • http://www.gorillawalker.com/solving-equations-using-modified-fibonacci-sequences.pdf
    • http://www.gorillawalker.com/time-and-man.pdf
    • http://www.gorillawalker.com/step-by-step-tai-chi.pdf
    • http://www.gorillawalker.com/lennon-and-mccartney-for-trumpet.pdf
    • http://www.gorillawalker.com/chosen-genesis-through-deuteronomy-harmony-and-chronology-of-the-old.pdf
    • http://www.gorillawalker.com/short-range-wireless-communication-fundamentals-of-rf-system-design-and.pdf
    • http://www.gorillawalker.com/goosebumps-hall-of-horrors-5-don-t-scream.pdf
    • http://www.gorillawalker.com/the-cultural-environment-of-international-business.pdf
    • http://www.gorillawalker.com/reading-virgil-aeneidi-and-ii-cambridge-intermediate-latin-readers.pdf
    • http://www.gorillawalker.com/porsche-the-story-of-a-german-legend.pdf
    • http://www.gorillawalker.com/the-night-land.pdf
    • http://www.gorillawalker.com/the-washington-manual-allergy-asthma-and-immunology-subspecialty-consult-the.pdf
    • http://www.gorillawalker.com/anatomy-demystified.pdf
    • http://www.gorillawalker.com/in-wonderland.pdf
    • http://www.gorillawalker.com/celtic-cable-shawls.pdf
    • http://www.gorillawalker.com/making-a-living-in-the-middle-ages-the-people-of.pdf
    • http://www.gorillawalker.com/aesthetic-theology-and-its-enemies-judaism-in-christian-painting-poetry.pdf
    • http://www.gorillawalker.com/electrocardiograf.pdf
    • http://www.gorillawalker.com/tonguecat-a-novel.pdf
    • http://www.gorillawalker.com/star-spotters-telescopes-and-observatories-exploring-our-solar-system.pdf
    • http://www.gorillawalker.com/catalogue-of-products-forwarded-by-the-secretary-of-public-works.pdf
    • http://www.gorillawalker.com/gossie-reader-gossie-friends.pdf
    • http://www.gorillawalker.com/million-dollar-love-child-harlequin-comics.pdf
    • http://www.gorillawalker.com/apostolic-church-of-the-pleroma-lectionary-for-mass.pdf
    • http://www.gorillawalker.com/life-derailed-a-divorced-mom-s-survival-guide.pdf
    • http://www.gorillawalker.com/coping-successfully-with-prostate-problems-overcoming-common-problems-series.pdf
    • http://www.gorillawalker.com/politics-dover-thrift-editions.pdf
    • http://www.gorillawalker.com/oxford-slavonic-papers-new-series-volume-xxvi.pdf
    • http://www.gorillawalker.com/adler-s-physiology-of-the-eye.pdf
    • http://www.gorillawalker.com/the-earth-chapter-zero-1-kindle-edition.pdf
    • http://www.gorillawalker.com/figment.pdf
    • http://www.gorillawalker.com/gunship-ace-the-wars-of-neall-ellis-helicopter-pilot-and.pdf
    • http://www.gorillawalker.com/winning-quigley-over.pdf
    • http://www.gorillawalker.com/social-supremacy-shift-how-to-make-your-network-and-resources.pdf
    • http://www.gorillawalker.com/the-chela-and-the-path-keys-to-soul-mastery-in.pdf
    • http://www.gorillawalker.com/minecraft-cheats-70-top-essential-minecraft-cheats-guide-exposed-unabridged.pdf
    • http://www.gorillawalker.com/business-organisations-law-guidebook.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.