Pdf.Dropper.Agent-7295301-0 — PDF malware analysis

Static analysis result for SHA-256 b563708821cb23a8…

MALICIOUS

PDF

  • Size: 45.9 KB
  • Created: 2018-11-23 20:31:53 +03:00
  • Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 11.0 (Windows))
  • MD5: ca87520ed96a2ab8263b1341c33db1e8
  • SHA-1: 31f4c9fdaafb78b222fdff0801a6e522faee17a3
  • SHA-256: b563708821cb23a817c981ccee3406b55b306d35117c4aa29dfdea986d4af3d4

Risk Score: 92

Malware Insights

Pdf.Dropper.Agent-7295301-0 · confidence 95%

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The file was identified as malicious by ClamAV with the signature Pdf.Dropper.Agent-7295301-0. Static analysis revealed multiple embedded URLs pointing to external PDF files, with one specifically flagged as an external URI. The ML classifier also indicated a high probability of maliciousness. The primary attack pattern involves redirecting the user to a malicious URL, likely to download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7295301-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7295301-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.