Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca7f18f8c95e4b6f…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-23 21:33:16 +03:00
Authoring application: - (via Acrobat Web Capture 5.0)
MD5: 9f78bac1c1d9be8f94a704d8353d7e8a
SHA-1: 52c43a2a9381e23940a29fb6db572a2996413375
SHA-256: ca7f18f8c95e4b6fb5720032c95589f508df57f72d0226ac0de35271a5ca623d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file was detected as malicious by ClamAV and an ML classifier, indicating it is a PDF dropper. It contains numerous embedded URLs pointing to PDF files on the same domain, suggesting a lure to download further malicious content. The presence of external URI indicators further supports this attack pattern. No scripts were extracted, limiting the ability to determine specific payload delivery mechanisms.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7303866-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7303866-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.