Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba2544359bccdb56…

MALICIOUS

PDF

Size: 73.3 KB
Created: 2018-07-09 09:54:41 UTC
Authoring application: Softplicity
MD5: 6bfc8ea542dac5a7ce8e2192a6e14e18
SHA-1: 10dff000ffc0b69f65795f59571c141ab2583fb7
SHA-256: ba2544359bccdb568da3816e39faff9e7697a6828192eb4f22eb266ee6f05c0a
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The file is a PDF document identified by ClamAV as Pdf.Dropper.Agent-7296666-0. The document body contains a large number of embedded URLs, suggesting a phishing or redirection attempt to malicious websites. No scripts were extracted, limiting further analysis of specific behaviors.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3107

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7296666-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7296666-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_003_off0001048d.js
SHA-256: a8ba8ca3068269a0771bbe6e49f51a7af61d2b353fbbfb130d80a9a7900ba0d6
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1048D
Size: 26296 bytes