Malicious PDF — malware analysis report

Static analysis result for SHA-256 d71d4f3dc803516f…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2019-03-17 11:00:46 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 168ec58f24c33b4e072569e99e39f971
SHA-1: d767a54afb7a5b4be0180394f2dbcc8b66ee9c79
SHA-256: d71d4f3dc803516f7128142a253ecb146afe55af012500476521cc1bd6d6a658
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The PDF was flagged by ML classifiers and ClamAV as malicious, specifically as a dropper. It contains an embedded URI pointing to a PDF file hosted on 'gorillawalker.com'. This suggests the document's primary purpose is to trick the user into clicking the link and downloading a secondary malicious payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7393440-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7393440-0
  • External URI [info, PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.