Malicious PDF — malware analysis report

Static analysis result for SHA-256 d788ea911f7ddf1d…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-23 08:01:05 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.16)
MD5: a27b6b6b680591243f63af9bf92dea95
SHA-1: 239c3777d866574b8cd1d671fe15c593bed0a978
SHA-256: d788ea911f7ddf1d7f9aedf731fa1ee98d5f92e9ca9e7d67d03deb5c878cd13c
Risk Score: 92

Malware Insights

MITRE ATT&CK

  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7310085-0, and an ML classifier indicated a high probability of maliciousness. A PDF URI heuristic identified an external URL, http://www.gorillawalker.com/far-from-rome-near-to-god.pdf, which is likely the location of a secondary payload. The document body contains obfuscated text, but the presence of the external URL together with the ClamAV detection strongly suggests dropper functionality.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7310085-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7310085-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/far-from-rome-near-to-god.pdf
    • http://www.gorillawalker.com/motorcycles-let-s-investigate.pdf
    • http://www.gorillawalker.com/ron-o-brien-s-diving-for-gold.pdf
    • http://www.gorillawalker.com/gas-chromatography-second-international-symposium-1959.pdf
    • http://www.gorillawalker.com/the-deadly-game-the-malichea-quest.pdf
    • http://www.gorillawalker.com/4-pezzi-sacri-te-deum-no-4-vocal-score-qty.pdf
    • http://www.gorillawalker.com/the-sound-of-music-libretto-and-principal-chorus-part.pdf
    • http://www.gorillawalker.com/toxicology-of-the-hematopoietic-system-volume-4.pdf
    • http://www.gorillawalker.com/michelin-bordeaux-perigueux-tulle-france-map-no-75-michelin-maps.pdf
    • http://www.gorillawalker.com/racial-and-ethnic-groups-14th-edition.pdf
    • http://www.gorillawalker.com/kitchen-home-diary-2016-a5-week-to-view-diary-with.pdf
    • http://www.gorillawalker.com/case-studies-in-systemic-sclerosis.pdf
    • http://www.gorillawalker.com/the-potter-s-book-of-glaze-recipes.pdf
    • http://www.gorillawalker.com/iec-60068-2-60-ed-2-0-b-1995-environmental.pdf
    • http://www.gorillawalker.com/jim-bowie-texas-heroes-volume-2.pdf
    • http://www.gorillawalker.com/internal-landscapes-and-foreign-bodies-eating-disorders-and-other-pathologies.pdf
    • http://www.gorillawalker.com/auschwitz.pdf
    • http://www.gorillawalker.com/journey-through-ethiopia.pdf
    • http://www.gorillawalker.com/the-miracle-morning-for-real-estate-agents-it-s-your.pdf
    • http://www.gorillawalker.com/a-programmed-introduction-to-medical-terminology.pdf
    • http://www.gorillawalker.com/medical-hypnosis-volume-ii-the-practice-of-hypnotherapy.pdf
    • http://www.gorillawalker.com/hawaii-maps-mile-by-mile-big-island-road-guide.pdf
    • http://www.gorillawalker.com/survival-english-english-through-conversations-book-2.pdf
    • http://www.gorillawalker.com/anagrams-of-desire-angela-carter-s-writing-for-radio-film.pdf
    • http://www.gorillawalker.com/recycled-aggregate-in-concrete-use-of-industrial-construction-and-demolition.pdf
    • http://www.gorillawalker.com/caravan-family-the-family-series.pdf
    • http://www.gorillawalker.com/apprenticeship-which-way-forward-oecd-votec-systems-programme.pdf
    • http://www.gorillawalker.com/hawkins-dynasty-three-generations-of-a-tudor-family.pdf
    • http://www.gorillawalker.com/the-complete-works-of-william-dampier-containing-particular-descriptions-of.pdf
    • http://www.gorillawalker.com/survey-questions-handcrafting-the-standardized-questionnaire-quantitative-applications-in-the.pdf
    • http://www.gorillawalker.com/new-teen-titans-vol-3.pdf
    • http://www.gorillawalker.com/nekrasov-kira-georgievna-russian-studies.pdf
    • http://www.gorillawalker.com/early-ships-and-seafaring-water-transport-beyond-europe.pdf
    • http://www.gorillawalker.com/asthma-free-in-21-days-the-breakthrough-mind-body-healing.pdf
    • http://www.gorillawalker.com/core-statutes-on-company-law-2015-16-palgrave-core-statutes.pdf
    • http://www.gorillawalker.com/10-minutes-a-day-problem-solving-ks2-ages-7-9.pdf
    • http://www.gorillawalker.com/matilda-told-such-dreadful-lies.pdf
    • http://www.gorillawalker.com/bathrooms-make-me-nervous-a-guidebook-for-women-with-urination.pdf
    • http://www.gorillawalker.com/schradieck-school-of-violin-technique-vol-2-practices-in-double.pdf
    • http://www.gorillawalker.com/how-to-dominate-with-short-pips-kindle-edition.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/