Malicious PDF — malware analysis report

Static analysis result for SHA-256 d975c450cff74fa3…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-03-17 07:52:22 +03:00
Authoring application: FrameMaker 5.5.6. (via Acrobat Distiller 4.05 for Sparc Solaris)
MD5: abc94b39367da5697cab2be6184da963
SHA-1: 311e10de293431833aedef46f16acb25424c3399
SHA-256: d975c450cff74fa3bda7fd4c14a6273e261d04c498e191f0ebcb8a36cf18b66e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link

The file is identified as a malicious PDF dropper by ClamAV and an ML classifier. It contains an embedded URI pointing to a PDF file. The document body, though heavily obfuscated, contains the same URL, indicating an attempt to trick the user into downloading a secondary malicious file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7151480-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7151480-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.