Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4d6e57aa437d32d…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2019-02-12 19:46:43 +03:00
Authoring application: Word (via Acrobat PDFMaker 15 for Word)
MD5: d9364f4e70a70ff2ed3bdaaf5981cbc1
SHA-1: 8006a6c6e772f53b4a59c2361018a27c678485e6
SHA-256: e4d6e57aa437d32ddbc8d983a67198439f7faa3c992a9b04d074fdc4138ae5a8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is a PDF document that contains embedded URIs pointing to external PDF files. The ClamAV detection 'Pdf.Dropper.Agent-7140555-0' and the ML classifier strongly indicate malicious intent. The primary attack pattern observed is the use of embedded links to facilitate the download of further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7140555-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140555-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.