Pdf.Dropper.Agent-7296311-0 — PDF malware analysis

Static analysis result for SHA-256 b9157615da65d3f3…

MALICIOUS

PDF

42.2 KB
Created: 2018-11-14 08:18:58 +03:00
Authoring application: FrameMaker 11.0.2 (via Acrobat Elements 10.0.0 (Windows))
MD5: 0ea3d80dee59d9aa0a9de0b15ec7f913
SHA-1: b23b6a4fca7e84ae9d8f61e28792b05dafcd610c
SHA-256: b9157615da65d3f3f2dd9ea97b4be7e319efb3b16c76c9c97c5c35619d23ffdc
92 Risk Score

Malware Insights

Pdf.Dropper.Agent-7296311-0 · confidence 95%

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

This PDF was flagged by ClamAV as Pdf.Dropper.Agent-7296311-0 and also triggered an ML classifier for malicious content. The presence of multiple embedded URLs, including http://www.gorillawalker.com/the-emergence-of-modern-america-1874-1917-print-purchase-includes.pdf, indicates a likely attempt to download and execute a second-stage payload. The document body is heavily obfuscated, preventing a more detailed analysis of its specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7296311-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7296311-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.