Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0a759185510dc30…

Verdict: MALICIOUS
File type: PDF
Size: 43.0 KB
Created: 2019-02-14 08:26:51 +03:00
Authoring application: Adobe InDesign CC 2015 (Macintosh) (via Adobe PDF Library 15.0)
MD5: 19631bf01ce567c49be51673ca8469ca
SHA-1: b46ac6cf14996c4f61b3140cf303c16224e10cb4
SHA-256: d0a759185510dc3005e23e0cd1161242fb8d4430cd2b0fc34d2d19e7cc7be12e
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV and by an ML classifier, indicating a high likelihood of malicious intent. The PDF contains multiple embedded URLs pointing to external documents, suggesting dropper or downloader functionality. These URLs are the primary indicator of the attack pattern, as they are likely used to fetch and execute further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7306659-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7306659-0
  • External URI (severity: info; rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/project-cost-estimating.pdf
    • http://www.gorillawalker.com/kashmir-ethnic-conflict-international-dispute.pdf
    • http://www.gorillawalker.com/the-porcupine-year.pdf
    • http://www.gorillawalker.com/treating-cancer-with-herbs-an-integrative-approach.pdf
    • http://www.gorillawalker.com/birth-of-the-vampire-the-vanderlind-realm-book-1-kindle.pdf
    • http://www.gorillawalker.com/caleb-morgan-seven-brothers-for-mcbride-7-siren-publishing-everlasting.pdf
    • http://www.gorillawalker.com/monitoring-neurotransmitter-release-during-behavior-ellis-horwood-health-science-series.pdf
    • http://www.gorillawalker.com/this-is-hybrid-english-and-spanish-edition.pdf
    • http://www.gorillawalker.com/seamus-heaney-and-medieval-poetry.pdf
    • http://www.gorillawalker.com/ten-fun-things-to-do-in-south-portland.pdf
    • http://www.gorillawalker.com/the-encyclopedia-of-country-living-40th-anniversary-edition-the-original.pdf
    • http://www.gorillawalker.com/ferrets-2015-square-12x12-multilingual-edition.pdf
    • http://www.gorillawalker.com/joan-sebastian-las-canciones-de-piano-vocal-guitar-artist-songbook.pdf
    • http://www.gorillawalker.com/the-dice-of-fate.pdf
    • http://www.gorillawalker.com/on-ayer-wadsworth-notes.pdf
    • http://www.gorillawalker.com/finding-the-cure.pdf
    • http://www.gorillawalker.com/diet-and-nutrition-with-a-special-focus-on-swimming-and.pdf
    • http://www.gorillawalker.com/the-encyclopedia-of-the-mexican-american-war-3-volumes-a.pdf
    • http://www.gorillawalker.com/belief-attitude-intention-and-behavior-an-introduction-to-theory-and.pdf
    • http://www.gorillawalker.com/langenscheidt-s-standard-turkish-dictionary-turkish-english-english-turkish.pdf
    • http://www.gorillawalker.com/italy-explained-italian-trains-kindle-edition.pdf
    • http://www.gorillawalker.com/27-recetas-f.pdf
    • http://www.gorillawalker.com/best-of-london-lonely-planet-pocket-guide-london.pdf
    • http://www.gorillawalker.com/a-doctor-s-vietnam-journal-militaryb-monograph.pdf
    • http://www.gorillawalker.com/david-zeisberger-a-life-among-the-indians.pdf
    • http://www.gorillawalker.com/to-the-navel-of-the-world-yaks-and-unheroic-travels.pdf
    • http://www.gorillawalker.com/la-gu-a-b-blica-para-la-liberaci-n-spanish.pdf
    • http://www.gorillawalker.com/the-secret-history-of-hermes-trismegistus-hermeticism-from-ancient-to.pdf
    • http://www.gorillawalker.com/nursing-school-study-pack-drug-reference-labs-mnemonics-ekg-4.pdf
    • http://www.gorillawalker.com/light-and-plant-growth-topics-in-plant-physiology.pdf
    • http://www.gorillawalker.com/aleman-para-el-viajero-lonely-planet-phrasebook-and-dictionary-spanish.pdf
    • http://www.gorillawalker.com/petroff-an-expert-repertoire-for-black.pdf
    • http://www.gorillawalker.com/cardiorenal-management-an-integrated-approach-blood-purification.pdf
    • http://www.gorillawalker.com/the-impact-of-tablet-pcs-and-pen-based-technology-on.pdf
    • http://www.gorillawalker.com/on-the-art-of-the-no-drama-the-major-treatises.pdf
    • http://www.gorillawalker.com/amante-vengado-vii-la-hermandad-de-la-daga-negra-black.pdf
    • http://www.gorillawalker.com/the-ten-commandments-laws-that-liberate-new-community-bible-study.pdf
    • http://www.gorillawalker.com/more-good-questions-great-ways-to-differentiate-secondary-mathematics-instruction.pdf
    • http://www.gorillawalker.com/alte-und-neue-gronlandische-fischerei-und-wallfischfang-german-edition.pdf
    • http://www.gorillawalker.com/recent-developments-on-reliability-maintenance-and-safety-wit-transactions-on.pdf
    • http://www.gorillawalker.com/caleb-morgan-seven-brothers-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/