Malicious PDF — malware analysis report

Static analysis result for SHA-256 b25c06b1b1518418…

Verdict: MALICIOUS
File type: PDF
Size: 36.0 KB
Created: 2019-11-10 05:16:59 +03:00
Authoring application: Word (via Mac OS X 10.10.5 Quartz PDFContext)
MD5: 06dd17011477c74cd7baec840e5126c9
SHA-1: a1be6473e16125560c6f90c8127192c8f82f883a
SHA-256: b25c06b1b151841897ce09cd80378ea872c7aa9478995722d149ee8e43e756d3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is a PDF that contains an embedded URI pointing to a suspicious external URL. ClamAV detected this file as Pdf.Dropper.Agent-9482545-0, and an ML classifier also flagged it as malicious. The embedded URI, http://www.gorillawalker.com/all-about-drawing-cool-cars-fast-planes-military-machines-learn.pdf, is likely the initial stage of a dropper attack, aiming to download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8460

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-9482545-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9482545-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/all-about-drawing-cool-cars-fast-planes-military-machines-learn.pdf
    • http://www.gorillawalker.com/military-operations-france-belgium-1915-vol-ii-map-case-battles.pdf
    • http://www.gorillawalker.com/jane-wenham-the-witch-of-walkern.pdf
    • http://www.gorillawalker.com/divine-governance-of-the-human-kingdom-including-what-the-seeker.pdf
    • http://www.gorillawalker.com/elementos-de-mineralojia-o-del-conocimiento-de-las-especies-minerales.pdf
    • http://www.gorillawalker.com/what-your-doctor-doesn-t-know-about-nutritional-medicine-may.pdf
    • http://www.gorillawalker.com/the-english-dancing-master-for-recorder-flute-an-piano.pdf
    • http://www.gorillawalker.com/headin-down-the-line.pdf
    • http://www.gorillawalker.com/practical-cardiovascular-pathology-2nd-edition.pdf
    • http://www.gorillawalker.com/pursuits-magazine-kindle-edition.pdf
    • http://www.gorillawalker.com/julius-caesar-man-soldier-and-tyrant-da-capo-paperback.pdf
    • http://www.gorillawalker.com/la-captura-the-capture-los-guardianes-de-ga-hoole-guardians.pdf
    • http://www.gorillawalker.com/zhivago-s-children-the-last-russian-intelligentsia.pdf
    • http://www.gorillawalker.com/the-diary-of-a-yeomanry-m-o-egypt-gallipoli-palestine.pdf
    • http://www.gorillawalker.com/taboo-erotica-collection-sex-romance-mega-bundle-10-hot-stories.pdf
    • http://www.gorillawalker.com/what-i-ve-learned-from-you-the-lessons-of-life.pdf
    • http://www.gorillawalker.com/trigonometry-student-solutions-manual.pdf
    • http://www.gorillawalker.com/electrical-engineering-design-skills-and-application-of-cad.pdf
    • http://www.gorillawalker.com/the-12-most-delicious-gluten-free-pizza-recipes-of-all.pdf
    • http://www.gorillawalker.com/50-delicious-pumpkin-dessert-recipes-recipes-for-pumpkin-muffins-pumpkin.pdf
    • http://www.gorillawalker.com/lapham-s-rules-of-influence-a-careerist-s-guide-to.pdf
    • http://www.gorillawalker.com/black-decker-the-complete-photo-guide-to-sheds-barns-outbuildings.pdf
    • http://www.gorillawalker.com/the-political-economy-of-art-making-the-nation-of-culture.pdf
    • http://www.gorillawalker.com/caribbean-fruits-and-vegetables-selected-recipes.pdf
    • http://www.gorillawalker.com/golden-horse-the-legendary-akhal-teke.pdf
    • http://www.gorillawalker.com/the-plays-of-juan-ruiz-de-alarc-n-monograf-as.pdf
    • http://www.gorillawalker.com/garfield-comics-1000-pieces-jigsaw-puzzle.pdf
    • http://www.gorillawalker.com/the-meaty-truth-why-our-food-is-destroying-our-health.pdf
    • http://www.gorillawalker.com/los-5-lenguajes-del-aprecio-en-el-trabajo-c-mo.pdf
    • http://www.gorillawalker.com/teaching-teresa-kindle-edition.pdf
    • http://www.gorillawalker.com/an-introduction-to-nonlinear-partial-differential-equations.pdf
    • http://www.gorillawalker.com/twin-trouble.pdf
    • http://www.gorillawalker.com/alejandro-dumas-grandes-cl.pdf
    • http://www.gorillawalker.com/sextrology-the-astrology-of-sex-and-the-sexes.pdf
    • http://www.gorillawalker.com/weight-watchers-versatile-vegetarian.pdf
    • http://www.gorillawalker.com/ribavirina-inyectable-100mg-ml-en-el-tratamiento-de-la-hepatitis.pdf
    • http://www.gorillawalker.com/praying-advent-three-minute-reflections-on-peace-faithfulness-joy-and.pdf
    • http://www.gorillawalker.com/arc-welding-shipyard-practice-and-training-course-1941.pdf
    • http://www.gorillawalker.com/just-poodles-2014-wall-calendar.pdf
    • http://www.gorillawalker.com/emergency-management-of-hand-injuries-oxford-handbooks-in-emergency-medicine.pdf
    • http://www.gorillawalker.com/what-your-doctor-doesn-t-know-about-nutritional-medicine-may
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/