Malicious PDF — malware analysis report

Static analysis result for SHA-256 d4785ca6aaff3e6d…

MALICIOUS

PDF

File size: 35.3 KB
Created: 2019-09-18 22:10:14 +03:00
Authoring application: Apache FOP Version 1.0
MD5: b95fb8fb90b1679913afca88276a2cfc
SHA-1: c766230630c10583894c152a147f07587ff4ae99
SHA-256: d4785ca6aaff3e6d088ffbfde7a0ee6f485799414ae07a18acc197c5df2e7f69
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file was detected by ClamAV as Pdf.Dropper.Agent-7190465-0 and flagged as malicious by an ML classifier. It contains an embedded URI pointing to a PDF file hosted on gorillawalker.com, which indicates likely dropper or downloader functionality. The document body is heavily obfuscated and unreadable, so it provides no further clues about the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7190465-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7190465-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.