Malicious PDF — malware analysis report

Static analysis result for SHA-256 d9c914a540b77147…

MALICIOUS

PDF

31.7 KB Created: 2019-11-23 19:36:04 +03:00 Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 14aa32c7fb8cad00385653cde8a25b42 SHA-1: 20278a267a44b0a51260e6d0a9634b0b63608bfd SHA-256: d9c914a540b77147918edcbd0a7e048d5fa82d243eb7d6fa0cfb70802e9a200b
92 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains an embedded URI pointing to a remote PDF file. ClamAV detected this file as Pdf.Dropper.Agent-7457665-0, indicating it likely acts as a dropper for further malicious content. The ML classifier also flagged it as malicious. The primary attack pattern involves luring the user to download a malicious PDF from the provided URL.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7457665-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7457665-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/forge-a-new-blade-the-laredo-war-volume-2.pdf
    • http://www.gorillawalker.com/remembering-the-kanji-2-a-systematic-guide-to-reading-japanese.pdf
    • http://www.gorillawalker.com/vampire-dawn.pdf
    • http://www.gorillawalker.com/rocket-science-for-the-rest-of-us.pdf
    • http://www.gorillawalker.com/this-is-a-chair.pdf
    • http://www.gorillawalker.com/the-2007-2012-world-outlook-for-16-gauge-and-heavier.pdf
    • http://www.gorillawalker.com/tribal-ethnography-of-nepal.pdf
    • http://www.gorillawalker.com/zebra-stripes-go-head-to-toe-shapes-and-spaces.pdf
    • http://www.gorillawalker.com/christmas-lullaby-folk-song-piano-solo.pdf
    • http://www.gorillawalker.com/the-predictive-mind.pdf
    • http://www.gorillawalker.com/emission-detectors.pdf
    • http://www.gorillawalker.com/candida-mia-colomba-voice-piano.pdf
    • http://www.gorillawalker.com/vela.pdf
    • http://www.gorillawalker.com/naked-city-the-death-and-life-of-authentic-urban-places.pdf
    • http://www.gorillawalker.com/the-evolving-bassist.pdf
    • http://www.gorillawalker.com/greensboro-highpoint-north-carol-usa-sectional-maps.pdf
    • http://www.gorillawalker.com/poor-matza-selected-stories-of-avrom-reisen-translated-from-the.pdf
    • http://www.gorillawalker.com/free-to-deceive-a-katie-freeman-mystery-katie-freeman-mysteries.pdf
    • http://www.gorillawalker.com/you-buy-skin-care-products-are-junk-or-treasure-chinese.pdf
    • http://www.gorillawalker.com/andante-e-rondo-ongarese-op-35-version-for-bassoon-and.pdf
    • http://www.gorillawalker.com/victorian-conversion-narratives-and-reading-communities.pdf
    • http://www.gorillawalker.com/let-s-sign-bsl-christmas-signs.pdf
    • http://www.gorillawalker.com/playing-with-pop-ups-the-art-of-dimensional-moving-paper.pdf
    • http://www.gorillawalker.com/penina-uliuli-contemporary-challenges-in-mental-health-for-pacific-peoples.pdf
    • http://www.gorillawalker.com/corruptions-et-cr-dulit-en-m-decine-french-edition.pdf
    • http://www.gorillawalker.com/mastering-eskrima-disarms.pdf
    • http://www.gorillawalker.com/adrift-charting-our-course-back-to-a-great-nation.pdf
    • http://www.gorillawalker.com/best-of-the-best.pdf
    • http://www.gorillawalker.com/the-older-sophists.pdf
    • http://www.gorillawalker.com/godspell-vocal-selections.pdf
    • http://www.gorillawalker.com/ordeal-by-ice-the-search-for-northwest-passage.pdf
    • http://www.gorillawalker.com/the-egyptian-calendar-a-work-for-eternity.pdf
    • http://www.gorillawalker.com/olivia-saves-the-circus.pdf
    • http://www.gorillawalker.com/haiti-s-influence-on-antebellum-america-slumbering-volcano-in-the.pdf
    • http://www.gorillawalker.com/there-are-no-figure-eights-in-hockey-sports-illustrated-kids.pdf
    • http://www.gorillawalker.com/the-boy-fortune-hunters-in-alaska.pdf
    • http://www.gorillawalker.com/mims-medical-microbiology-with-student-consult-online-access-5e-medical.pdf
    • http://www.gorillawalker.com/benjamin-franklin-and-a-case-of-christmas-murder.pdf
    • http://www.gorillawalker.com/living-with-prostate-cancer-a-patient-s-survival-guide.pdf
    • http://www.gorillawalker.com/the-life-of-our-lord-illustrated-200th-anniversary-edition.pdf
    • http://www.gorillawalker.com/free-to-deceive-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.