Malicious PDF — malware analysis report

Static analysis result for SHA-256 e188d4ea9404c8f2…

MALICIOUS

PDF

45.8 KB Created: 2018-11-23 21:08:52 +03:00 Authoring application: DocBook XSL Stylesheets with Apache FOP (via Apache FOP Version 1.1)
MD5: d40b3686125a331dd95bc8c22b9a055d SHA-1: acf1b6d4ada34a46789b75275babd00aa29c2d0e SHA-256: e188d4ea9404c8f2dcc62e4939c868dc4bc7a216d7e508d934d28f02e813616b
92 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The file was detected as malicious by ClamAV with the signature Pdf.Dropper.Agent-7314886-0. Static analysis revealed multiple embedded URLs pointing to PDF files on the same domain, suggesting a dropper functionality. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted, but the presence of numerous external URLs indicates the primary intent is to download and execute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7314886-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7314886-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/structural-details-for-masonry-construction.pdf
    • http://www.gorillawalker.com/the-american-democracy-with-powerweb.pdf
    • http://www.gorillawalker.com/final-assault-executioner.pdf
    • http://www.gorillawalker.com/department-of-the-army-pamphlet-da-pam-385-61-toxic.pdf
    • http://www.gorillawalker.com/2013-songwriter-s-market-paperback-2012-author-roseann-biederman.pdf
    • http://www.gorillawalker.com/10-days-to-a-less-defiant-child-second-edition-the.pdf
    • http://www.gorillawalker.com/cain-s-legacy-liberating-siblings-from-a-lifetime-of-rage.pdf
    • http://www.gorillawalker.com/out-of-print-newspapers-journalism-and-the-business-of-news.pdf
    • http://www.gorillawalker.com/book-of-challenges-dungeon-rooms-puzzles-and-traps-dungeons-dragons.pdf
    • http://www.gorillawalker.com/zero-at-the-bone.pdf
    • http://www.gorillawalker.com/program-theory-in-evaluation-challenges-and-opportunities-new-directions-for.pdf
    • http://www.gorillawalker.com/a-horse-racing-system-based-on-a-statistical-approach-to.pdf
    • http://www.gorillawalker.com/case-closed-vol-12-who-shanked-teddy-kindle-edition.pdf
    • http://www.gorillawalker.com/conversations-with-kafka-second-edition-new-directions-paperbook.pdf
    • http://www.gorillawalker.com/lifetime-health-teacher-s-edition-2009.pdf
    • http://www.gorillawalker.com/gay-camping-trip-gay-straight-mm-erotica-jock-and-nerd.pdf
    • http://www.gorillawalker.com/powder-metallurgy-science-technology-and-materials.pdf
    • http://www.gorillawalker.com/heaven-s-fury-g-unit.pdf
    • http://www.gorillawalker.com/the-way-of-improvement-leads-home-philip-vickers-fithian-and.pdf
    • http://www.gorillawalker.com/underwater-alphabet-sea-shapes-grades-pk-k-two-in-one.pdf
    • http://www.gorillawalker.com/human-form-human-function-essentials-of-anatomy-physiology-point-lippincott.pdf
    • http://www.gorillawalker.com/canada-u-s-relations.pdf
    • http://www.gorillawalker.com/hunted-by-the-skinhead-alpha-first-time-gay-erotica.pdf
    • http://www.gorillawalker.com/ogres-creatures-of-fantasy.pdf
    • http://www.gorillawalker.com/a-butterfly-s-life-cycle-cycles-in-nature.pdf
    • http://www.gorillawalker.com/electrotechnology-in-mining.pdf
    • http://www.gorillawalker.com/data-protection-law-for-employers-2008-implications-of-the-new.pdf
    • http://www.gorillawalker.com/the-essential-guide-to-date-rape-prevention-how-to-avoid.pdf
    • http://www.gorillawalker.com/looking-through-my-mother-s-eyes-life-stories-of-nine.pdf
    • http://www.gorillawalker.com/perioperative-nursing-an-introductory-text-1e.pdf
    • http://www.gorillawalker.com/fart-free-vegan-food-combining-for-detox-weight-loss-and.pdf
    • http://www.gorillawalker.com/occupational-outlook-handbook-1998-99-occupational-outlook-handbook-g-p.pdf
    • http://www.gorillawalker.com/student-solution-manual-for-moore-stanitski-jurs-chemistry-the-molecular.pdf
    • http://www.gorillawalker.com/mystery-of-the-mona-lisa.pdf
    • http://www.gorillawalker.com/almost-fat-free-down-home-cooking.pdf
    • http://www.gorillawalker.com/the-tabernacle-in-the-wilderness-god-s-marvelous-revelations-concerning.pdf
    • http://www.gorillawalker.com/encounters-with-pan-and-the-elemental-kingdom.pdf
    • http://www.gorillawalker.com/cholera-deadly-diseases-and-epidemics.pdf
    • http://www.gorillawalker.com/growing-democracy-in-japan-the-parliamentary-cabinet-system-since-1868.pdf
    • http://www.gorillawalker.com/fire-from-first-principles-cl.pdf
    • http://www.gorillawalker.com/cain-s
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.