Malicious PDF — malware analysis report

Static analysis result for SHA-256 cdc945b0a5d0408b…

Verdict: MALICIOUS
File type: PDF

Size: 33.9 KB
Created: 2019-11-23 19:52:14 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Acrobat Distiller 8.2.6 (Windows))
MD5: 2581454e523a924b11b4815946c45a36
SHA-1: 7c2b59d4765fa6b6c7309a6bf065116963a4d89b
SHA-256: cdc945b0a5d0408b08e102d19a8db7eb0c5bb875f15a9cd2267d0ebf5f0cfa91
Risk Score: 92

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell

The file is a PDF document that carries a large number of link (URI) actions, all pointing to .pdf paths under http://www.gorillawalker.com/. One of them, http://www.gorillawalker.com/joe-henderson-improvised-sax-solos.pdf, triggered the external-URI heuristic (PDF_URI). The verdict rests on the ClamAV signature Pdf.Dropper.Agent-9484322-0 and the Nyx PDF classifier score of 0.8529, which together point to a dropper: the document's role is to lure the reader into fetching a remote download rather than to exploit the viewer directly. No JavaScript or other scripts were extracted, so the payload behind those links was not observed in this analysis, and the T1059.001 (PowerShell) ATT&CK mapping is not backed by any extracted script and should be treated as inferred. Two caveats for anyone consuming this report: the creation timestamp and authoring application are document metadata set by the producer and carry no evidentiary weight on their own, and the last nine entries in the URL list (w3.org, purl.org, ns.adobe.com, aiim.org) are standard XMP/RDF schema namespace identifiers from the document's metadata stream, not download targets, so they should not be used as indicators.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-9484322-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9484322-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/joe-henderson-improvised-sax-solos.pdf
    • http://www.gorillawalker.com/conventional-and-ultimate-truth-a-key-for-fundamental-theology-thresholds.pdf
    • http://www.gorillawalker.com/a-tribute-to-working-women-past-and-present.pdf
    • http://www.gorillawalker.com/raiders-and-rebels-in-south-africa-rhodesiana-reprint-library-silver.pdf
    • http://www.gorillawalker.com/steam-train-dream-train-puzzle.pdf
    • http://www.gorillawalker.com/sophie-kay-s-pasta-cookery.pdf
    • http://www.gorillawalker.com/step-one-teach-yourself-recorder.pdf
    • http://www.gorillawalker.com/early-polemical-writings-kierkegaard-s-writings-vol-1.pdf
    • http://www.gorillawalker.com/a-computer-generated-dictionary-of-proto-algonquian-mercury-series.pdf
    • http://www.gorillawalker.com/performing-the-nation-swahili-music-and-cultural-politics-in-tanzania.pdf
    • http://www.gorillawalker.com/the-dragon-s-bard-siren-publishing-classic-manlove.pdf
    • http://www.gorillawalker.com/materia-medica-of-india-and-their-therapeutics.pdf
    • http://www.gorillawalker.com/bernard-baruch-the-adventures-of-a-wall-street-legend.pdf
    • http://www.gorillawalker.com/preachers-pastors-and-ambassadors-puritan-wisdom-for-today-s-church.pdf
    • http://www.gorillawalker.com/how-much-do-we-deserve-an-inquiry-in-distributive-justice.pdf
    • http://www.gorillawalker.com/pittsburgh-pirates-america-s-game.pdf
    • http://www.gorillawalker.com/here-i-am-to-worship-25-worship-favorites-5-new.pdf
    • http://www.gorillawalker.com/james-jude-journible-the-17-18-series-journibles-the-17.pdf
    • http://www.gorillawalker.com/differential-geometry-under-the-influence-of-s-s-chern-volume.pdf
    • http://www.gorillawalker.com/15-intermediate-jazz-duets-bass-clef-edition-trombone-acoustic-electric.pdf
    • http://www.gorillawalker.com/christmas-around-the-world.pdf
    • http://www.gorillawalker.com/there-was-an-old-lady-who-swallowed-some-leaves.pdf
    • http://www.gorillawalker.com/twilight-in-the-forbidden-city-illustrated-and-revised-4th-edition.pdf
    • http://www.gorillawalker.com/a-natural-history-of-the-piano-the-instrument-the-music.pdf
    • http://www.gorillawalker.com/narrative-learning.pdf
    • http://www.gorillawalker.com/glioblastoma-molecular-mechanisms-of-pathogenesis-and-current-therapeutic-strategies.pdf
    • http://www.gorillawalker.com/post-independence-women-short-story-writers-in-indian-english.pdf
    • http://www.gorillawalker.com/ecuador-its-ancient-and-modern-history-topography-and-natural-resources.pdf
    • http://www.gorillawalker.com/law-in-the-school-a-guide-for-california-schools-school.pdf
    • http://www.gorillawalker.com/colombia-historia-y-presente-historia-colonial-independencia-conflicto-armado-y.pdf
    • http://www.gorillawalker.com/the-dawn-of-indian-music-in-the-west.pdf
    • http://www.gorillawalker.com/amish-snow-white-amish-fairy-tales-series-book-4-kindle.pdf
    • http://www.gorillawalker.com/hidden-treasures-of-the-heart.pdf
    • http://www.gorillawalker.com/pizza-at-sally-s.pdf
    • http://www.gorillawalker.com/fluency-differentiated-interventions-and-progress-monitoring-assessments.pdf
    • http://www.gorillawalker.com/anti-dumping-agreement-and-developing-countries-an-introduction.pdf
    • http://www.gorillawalker.com/forging-legislation.pdf
    • http://www.gorillawalker.com/coders-dictionary-2012.pdf
    • http://www.gorillawalker.com/guide-to-the-marine-sport-fishes-of-atlantic-canada-and.pdf
    • http://www.gorillawalker.com/the-new-rules-of-retirement-strategies-for-a-secure-future.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
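The summary above and the PDF_URI / EMBEDDED_URL heuristics describe three things a static PDF triage pass does: pull out /URI actions, sweep the file for URL strings and label each one by the channel that carries it, and check for active-content keywords (JavaScript, OpenAction, Launch) that would indicate a script payload. The following is an added example written for this page, not code from the report or from the analysis platform that produced it: a small pdfid-style triage script over a constructed sample PDF. The sample reuses three of the gorillawalker.com URLs from the list above and a few of the XMP namespace URIs, one of the URI actions is placed inside a Flate-compressed stream to show why raw string sweeps miss objects, and the flag names other than PDF_URI and EMBEDDED_URL, the channel labels, and the keyword list are this example's own choices. The regexes handle only flat stream dictionaries with a direct /Length, which is enough for the sample but not for every real file.

```python
import re
import zlib

# Constructed sample (not the analysed file): an uncompressed PDF skeleton with
# two /URI link annotations reusing URLs from the report, plus an XMP metadata
# stream whose namespace URIs a naive URL sweep also picks up. Lengths in this
# head are not byte-exact; it is input for the extractor, not a viewer file.
SAMPLE_HEAD = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 6 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]
  /A << /S /URI /URI (http://www.gorillawalker.com/joe-henderson-improvised-sax-solos.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [72 670 300 690]
  /A << /S /URI /URI (http://www.gorillawalker.com/christmas-around-the-world.pdf) >> >> endobj
6 0 obj << /Type /Metadata /Subtype /XML /Length 150 >>
stream
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
 xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>
endstream
endobj
"""
# A third URI action that exists only inside a Flate-compressed stream, which a
# plain string sweep over the raw bytes cannot see.
HIDDEN_ACTION = b"<< /S /URI /URI (http://www.gorillawalker.com/pizza-at-sally-s.pdf) >>"

def build_sample():
    packed = zlib.compress(HIDDEN_ACTION)
    return (SAMPLE_HEAD
            + b"7 0 obj << /Filter /FlateDecode /Length %d >>\nstream\n" % len(packed)
            + packed + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")

URL_RE = re.compile(rb"https?://[^\s<>\"'()]+")
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b[^>]*?/URI\s*\(((?:\\.|[^\\)])*)\)")
METADATA_RE = re.compile(rb"/Type\s*/Metadata.*?stream\r?\n(.*?)endstream", re.S)
STREAM_RE = re.compile(rb"<<([^<>]*)>>\s*stream\r?\n")   # flat stream dicts only
# pdfid-style keywords that indicate code or auto-launch behaviour.
ACTIVE_KEYWORDS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch",
                   b"/EmbeddedFile", b"/RichMedia")

def normalize_names(data):
    """Decode #XX hex escapes in PDF names so that /J#53 is seen as /JS."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data):
    """Append the inflated bodies of /FlateDecode streams (direct /Length only)
    so the regexes also see objects that exist only in compressed form."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        length = re.search(rb"/Length\s+(\d+)", m.group(1))
        if b"/FlateDecode" not in m.group(1) or not length:
            continue
        chunk = data[m.end():m.end() + int(length.group(1))]
        try:
            parts.append(zlib.decompressobj().decompress(chunk))
        except zlib.error:
            pass  # not a real zlib stream; skip it
    return b"\n".join(parts)

def count_keywords(norm):
    """Count active-content keywords on normalised bytes; a keyword followed by
    a letter is a different name, so /JS does not match /JavaScript."""
    return {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", norm))
            for k in ACTIVE_KEYWORDS}

def active_content(pdf):
    return count_keywords(normalize_names(inflate_streams(pdf)))

def triage(pdf, inflate=True):
    """Label every URL by the channel that carries it and return the flags
    corresponding to the report's PDF_URI / EMBEDDED_URL heuristics."""
    data = normalize_names(inflate_streams(pdf) if inflate else pdf)
    uri_actions = [m.group(1) for m in URI_ACTION_RE.finditer(data)]
    metadata = [m.group(1) for m in METADATA_RE.finditer(data)]
    urls = {}
    for m in URL_RE.finditer(data):
        u = m.group(0)
        if u in urls:
            continue
        if u in uri_actions:
            urls[u] = "uri_action"       # clickable or auto-launched link target
        elif any(u in blob for blob in metadata):
            urls[u] = "xmp_metadata"     # schema namespace, not a download target
        else:
            urls[u] = "document_body"    # plain text or structure not parsed above
    counts = count_keywords(data)
    flags = []
    if uri_actions:
        flags.append("PDF_URI")
    if any(ch != "xmp_metadata" for ch in urls.values()):
        flags.append("EMBEDDED_URL")
    if any(counts.values()):
        flags.append("ACTIVE_CONTENT")   # hypothetical label, not one the report uses
    return {"uri_actions": [u.decode("latin-1") for u in uri_actions],
            "urls": {u.decode("latin-1"): ch for u, ch in urls.items()},
            "active_content": {k: v for k, v in counts.items() if v},
            "flags": flags}

if __name__ == "__main__":
    for url, channel in triage(build_sample())["urls"].items():
        print(f"{channel:14} {url}")
```

Run against the sample, the three gorillawalker.com URLs come back as uri_action, the w3.org, purl.org and ns.adobe.com URIs as xmp_metadata, no active-content keywords are found (matching the report's "no scripts were extracted"), and the flags are PDF_URI and EMBEDDED_URL. Calling triage with inflate=False drops the pizza-at-sally-s.pdf action, which is the gap a raw grep leaves; on real samples, expect indirect /Length references, object streams and nested dictionaries that this flat parser does not handle, and reach for pdfid/pdf-parser or a full PDF library for those.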