Malicious PDF — malware analysis report

Static analysis result for SHA-256 d8e60e74d333a686…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2019-09-08 11:50:58 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: 240290e85973afa9dc0fe8eefb501ced
SHA-1: c818222d1f546b1733af0dd89480f675146b3520
SHA-256: d8e60e74d333a686a58936c3b3f1f5381906d936978505b3d955b702182b7c88
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is a PDF document detected by ClamAV as Pdf.Dropper.Agent-7194027-0. It contains an embedded external URI pointing to a PDF file hosted on www.gorillawalker.com. This suggests the document is part of a distribution chain, likely attempting to trick users into downloading further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7194027-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7194027-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.