Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6f31fb74f13d987…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-23 21:03:42 +03:00
Authoring application: - (via ProcessText Group)
MD5: a7d5692ffb47ec277a1b07999bf64db2
SHA-1: c53195b8d7522f42937a595eccfc5447f2d1a555
SHA-256: e6f31fb74f13d987ef4e26bb35d9a12a98e83f1af675e5eb37c824b935219cf4
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF document identified as malicious by ClamAV and an ML classifier. It contains an embedded URL pointing to another PDF file, suggesting a lure to download further malicious content. The PDF_URI heuristic confirms the presence of an external URI within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7317667-0 (severity: critical, heuristic: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7317667-0
  • External URI (severity: info, heuristic: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.