Malicious PDF — malware analysis report

Static analysis result for SHA-256 d4a7c6f7e626826a…

MALICIOUS

PDF

33.9 KB
Created: 2020-01-03 01:18:30 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: c70e016187dbfb596112ef7f3413ce30
SHA-1: 4440c9d6db4222701c7fecc2c2a3de946a7a0f6b
SHA-256: d4a7c6f7e626826a895898f767eec81108a5228acdd7dfa6a80c8eafecab9b6f
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file was detected by ClamAV as Pdf.Dropper.Agent-7571092-0 and flagged by an ML classifier, indicating malicious intent. The PDF contains numerous embedded URLs pointing to external resources, suggesting it acts as a dropper for further malicious content. The presence of these URLs and the dropper classification strongly indicate the file's purpose is to download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7571092-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7571092-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.