Malicious PDF — malware analysis report

Static analysis result for SHA-256 c6a633049703a4cd…

Verdict: MALICIOUS
File type: PDF
Size: 42.8 KB
Created: 2019-01-06 08:29:45 +03:00
Authoring application: DocBook XSL Stylesheets with Apache FOP (via Apache FOP Version 1.1)
MD5: 9a83034c8d4243fbcd0e52f3acd39b17
SHA-1: 7332f37f2c63df5111436226f7cfa9c031ce7a68
SHA-256: c6a633049703a4cd32199c8aef9d91c6c647a3813a5b4e6f1f386d8aadaa9fb4
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7301828-0 and a machine learning classifier indicated a high probability of maliciousness. An external URI pointing to a PDF file was also detected. The presence of these indicators suggests the PDF is a dropper intended to exploit vulnerabilities and download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7301828-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7301828-0
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.