Malicious PDF — malware analysis report

Static analysis result for SHA-256 d1d5323a1cbfb28e…

Verdict: MALICIOUS

File type: PDF

Size: 32.4 KB
Created: 2019-09-02 22:00:18 +03:00
Authoring application: Adobe InDesign CS6 (Windows) (via Adobe PDF Library 10.0.1)
MD5: 0db1b6b8d857898929a588e6e510fa91
SHA-1: 1c0c9b8502b227391b5c4229c41363b9a4462f4c
SHA-256: d1d5323a1cbfb28ebbc997fa96271082013f8415c43a7fc71ef7dda406942cf8
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file was detected as malicious by ClamAV with the signature Pdf.Dropper.Agent-7183346-0. ML classification also flagged it with high confidence. The PDF contains embedded URLs pointing to various documents on gorillawalker.com, suggesting it acts as a dropper for further malicious content. The presence of these URLs and the dropper signature strongly indicate an attack pattern aimed at delivering a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8488

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7183346-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7183346-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.