Malicious PDF — malware analysis report

Static analysis result for SHA-256 d8490a2bf1415e5a…

MALICIOUS

PDF

33.0 KB Created: 2019-08-03 20:45:27 +03:00 Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: b5e5658373e46f07ded0f7d2a7d046e6 SHA-1: fa1cfbccc1eadc6f180f13ab6bf2c843a52e16b5 SHA-256: d8490a2bf1415e5a4c1e3604905ce21887eff554af1a57851198da80e3a9e4e3
92 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link T1059.001 PowerShell

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-7145039-0 and a machine learning classifier indicated a high probability of maliciousness. The presence of external URIs, specifically http://www.gorillawalker.com/revolutionary-war-essential-library-of-american-wars.pdf, suggests the document is designed to lure the user into downloading a secondary payload. No scripts were extracted, but the PDF structure and heuristics point towards a dropper functionality.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7145039-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7145039-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/revolutionary-war-essential-library-of-american-wars.pdf
    • http://www.gorillawalker.com/chesapeake-ohio-steam-in-color-as-modeled.pdf
    • http://www.gorillawalker.com/psychology-of-trauma-101.pdf
    • http://www.gorillawalker.com/cursive-handwriting.pdf
    • http://www.gorillawalker.com/bikol-dictionary-english-bikol-index-and-bikol-english-dictionary-english.pdf
    • http://www.gorillawalker.com/behavioral-finance-and-wealth-management-how-to-build-optimal-portfolios.pdf
    • http://www.gorillawalker.com/coffee-a-guide-to-buying-brewing-enjoying-revised-edition.pdf
    • http://www.gorillawalker.com/regional-geomorphology-of-the-united-states.pdf
    • http://www.gorillawalker.com/secret-lives-of-the-civil-war-what-your-teachers-never.pdf
    • http://www.gorillawalker.com/naval-artificer-s-manual-the.pdf
    • http://www.gorillawalker.com/la-damnation-de-faust-dramatic-legend-in-full-score-french.pdf
    • http://www.gorillawalker.com/construction-operations-manual-of-policies-and-procedures-construction-operations-manual.pdf
    • http://www.gorillawalker.com/humanitarian-intervention-a-history.pdf
    • http://www.gorillawalker.com/using-insulin-everything-you-need-for-success-with-insulin.pdf
    • http://www.gorillawalker.com/ceratopsia-a-natural-history-of-the-horned-dinosaurs.pdf
    • http://www.gorillawalker.com/bottom-of-the-glass-trivia-coasters-beer.pdf
    • http://www.gorillawalker.com/flavours-of-india-hardcover.pdf
    • http://www.gorillawalker.com/tanks-and-armoured-fighting-vehicles-the-world-s-greatest-vehicles.pdf
    • http://www.gorillawalker.com/m4-sherman-vs-type-97-chi-ha-the-pacific-1945.pdf
    • http://www.gorillawalker.com/kennedy-and-the-cuban-missile-crisis-days-of-decision.pdf
    • http://www.gorillawalker.com/song-of-lawino-song-of-ocol-print-replica-kindle-edition.pdf
    • http://www.gorillawalker.com/zagatsurvey-2008-new-york-city-gourmet-shopping-entertaining-zagat-survey.pdf
    • http://www.gorillawalker.com/mother-auk-tales-reflections-from-beneath-a-raft-a-compilation.pdf
    • http://www.gorillawalker.com/narrative-of-a-journey-to-the-shores-of-the-polar.pdf
    • http://www.gorillawalker.com/sherlock-holmes-was-wrong-reopening-the-case-of-the-hound.pdf
    • http://www.gorillawalker.com/characterization-techniques-and-tabulations-for-organic-nonlinear-optical-materials-optical.pdf
    • http://www.gorillawalker.com/dark-space-origin.pdf
    • http://www.gorillawalker.com/como-hacer-embutidos-caseros-how-to-make-homemade-sausage-spanish.pdf
    • http://www.gorillawalker.com/haydn-and-his-world.pdf
    • http://www.gorillawalker.com/how-the-early-church-fathers-misinterpreted-the-hebrew-bible-to.pdf
    • http://www.gorillawalker.com/fema-prepare-respond-and-recover-emergency-response.pdf
    • http://www.gorillawalker.com/special-two-volume-edition-the-second-and-third-collection-the.pdf
    • http://www.gorillawalker.com/finding-the-story-behind-the-numbers-a-tool-based-guide.pdf
    • http://www.gorillawalker.com/ascent-of-humanity-1-discovery-volume-1.pdf
    • http://www.gorillawalker.com/piloting-seamanship-small-boat-handling.pdf
    • http://www.gorillawalker.com/thinking-utopia-steps-into-other-worlds-making-sense-of-history.pdf
    • http://www.gorillawalker.com/songs-vol-5-for-medium-low-voice-kalmus-classic-edition.pdf
    • http://www.gorillawalker.com/battle-fields-of-the-south-bull-run-to-fredericksburg-with.pdf
    • http://www.gorillawalker.com/the-dom-in-me-kindle-edition.pdf
    • http://www.gorillawalker.com/leichentuch-band-2-der-blutdrachen-trilogie-german-edition.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.