Malicious PDF — malware analysis report

Static analysis result for SHA-256 da9f1889fe0b0669…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-12-15 20:06:53 +03:00
Authoring application: Acrobat Elements 10.0.0 (Windows)
MD5: 147438b2597d907c74ad94a8e58fd381
SHA-1: 4b4b74f202e150dd9041a5beaa501011bb22d8f2
SHA-256: da9f1889fe0b0669676612f3ac6d7a8645620ead5c1b5f46a90db5ba424c7f10
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is identified as a malicious PDF by multiple detection engines, including ClamAV and a machine learning classifier. A heuristic rule specifically flags an external URI pointing to 'http://www.gorillawalker.com/television-and-field-reporting.pdf'. This suggests the PDF's primary function is to act as a lure, directing users to download a secondary malicious file from the identified URL.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7147975-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7147975-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/television-and-field-reporting.pdf