Pdf.Dropper.Agent-7393462-0 — PDF malware analysis

Static analysis result for SHA-256 e06c5135e2cf731d…

MALICIOUS

PDF

33.6 KB Created: 2019-09-30 03:01:25 +03:00 Authoring application: dvips(k) 5.90a Copyright 2002 Radical Eye Software (via AFPL Ghostscript 8.53)
MD5: d220ddfec411b87e7cfb9107af17c8b4 SHA-1: 41ae84a24b2ba1b1090f2d8784168de2fb848994 SHA-256: e06c5135e2cf731d1d81f9589783db1289f5e4caf82c8a5d4e04e0d91c199f32
92 Risk Score

Malware Insights

Pdf.Dropper.Agent-7393462-0 · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution T1059 Command and Scripting Interpreter

The file was detected by ClamAV as Pdf.Dropper.Agent-7393462-0, and an ML classifier also flagged it as malicious. The PDF contains embedded URLs pointing to various documents, suggesting it acts as a dropper for further malicious content. The primary function appears to be downloading and executing a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7393462-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7393462-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/planet-urth-the-underground-city-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/feminist-conversations-fuller-emerson-and-the-play-of-reading-reading.pdf
    • http://www.gorillawalker.com/habit-stacking-97-small-life-changes-that-take-five-minutes.pdf
    • http://www.gorillawalker.com/the-innovator-s-holy-grail-the-core-strategy-framework-for.pdf
    • http://www.gorillawalker.com/greek-tragedy-a-first-reading-selections-from-the-electra-plays.pdf
    • http://www.gorillawalker.com/the-six-pack-shortcut-ab-exercises-for-men-the-best.pdf
    • http://www.gorillawalker.com/the-true-basis-of-economics-or-the-law-of-independent.pdf
    • http://www.gorillawalker.com/restore-the-republic.pdf
    • http://www.gorillawalker.com/demon-possession-bbw-paranormal-erotica.pdf
    • http://www.gorillawalker.com/langmuir-probe-in-theory-and-practice.pdf
    • http://www.gorillawalker.com/sternenhimmel-lesen-lernen-macht-spass-dieses-buch-soll-kinder-anregen.pdf
    • http://www.gorillawalker.com/the-old-child-other-stories.pdf
    • http://www.gorillawalker.com/lectures-on-modern-magnetism.pdf
    • http://www.gorillawalker.com/fala-letramento-e-inclus.pdf
    • http://www.gorillawalker.com/steampunk.pdf
    • http://www.gorillawalker.com/getting-past-the-gatekeeper-inside-secrets-simple-tips-and-proven.pdf
    • http://www.gorillawalker.com/the-law-of-the-somalis-a-stable-foundation-for-economic.pdf
    • http://www.gorillawalker.com/digital-terrain-modeling-acquisition-manipulation-and-applications-artech-house-remote.pdf
    • http://www.gorillawalker.com/spies-vixens-and-masters-of-kung-fu-dlx-the-art.pdf
    • http://www.gorillawalker.com/the-places-of-history-regionalism-revisited-in-latin-america-places.pdf
    • http://www.gorillawalker.com/the-bill-of-rights-today-constitutional-limits-on-the-powers.pdf
    • http://www.gorillawalker.com/birnbaum-s-disneyland-2013-birnbaum-guides.pdf
    • http://www.gorillawalker.com/the-ethical-will-writing-guide-workbook.pdf
    • http://www.gorillawalker.com/devon-waymark-red-guides.pdf
    • http://www.gorillawalker.com/eight-dramas-of-calderon.pdf
    • http://www.gorillawalker.com/complete-guide-to-travel-agency-automation-travel-management-library.pdf
    • http://www.gorillawalker.com/crsi-design-handbook.pdf
    • http://www.gorillawalker.com/from-rationalism-to-existentialism-the-existentialists-and-their-nineteenth-century.pdf
    • http://www.gorillawalker.com/the-college-portable-mba-set.pdf
    • http://www.gorillawalker.com/what-are-the-jobs-of-the-future-at-issue.pdf
    • http://www.gorillawalker.com/lead-zinc-2010.pdf
    • http://www.gorillawalker.com/southwest-dutch-oven.pdf
    • http://www.gorillawalker.com/vietnam-travel-adventures-kindle-edition.pdf
    • http://www.gorillawalker.com/cave-worms-from-outer-space-parts-four-five-and-six.pdf
    • http://www.gorillawalker.com/the-musical-art-of-synthesis.pdf
    • http://www.gorillawalker.com/10-hymns-and-gospel-songs-medium-low-voice-book-cd.pdf
    • http://www.gorillawalker.com/a-season-of-joy-celebrating-the-true-meaning-of-christmas.pdf
    • http://www.gorillawalker.com/interest-groups-unleashed.pdf
    • http://www.gorillawalker.com/is-man-to-survive-science.pdf
    • http://www.gorillawalker.com/the-essential-rene-magritte-essential-harry-n-abrams.pdf
    • http://www.gorillawalker.com/st
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.