Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb23315c55f88477…

MALICIOUS

PDF

  • Size: 13.7 KB
  • Created: 2020-03-18 20:32:04 +00:00
  • Authoring application: mPDF 5.7
  • MD5: 9ed171b56605d9e4a1870e027fb0954b
  • SHA-1: a7645a988e178ed994f410c460becf0b3135bf7d
  • SHA-256: cb23315c55f884779560993c1d08cbd50ffb86fc21f3b72ff92cb77c8c0bba36
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file was identified as malicious by a machine learning classifier and ClamAV, which flagged it as Pdf.Dropper.Agent-7677892-0. The PDF contains numerous embedded URLs, indicating it is likely a dropper. These URLs are the primary mechanism for delivering a second-stage payload. The presence of these URLs and the dropper classification strongly suggest an attack pattern focused on initial compromise via a malicious document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7677892-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7677892-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.