Malicious PDF — malware analysis report

Static analysis result for SHA-256 e92340255911ed09…

MALICIOUS

PDF

  • Size: 42.2 KB
  • Created: 2018-11-15 18:32:48 +03:00
  • Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
  • MD5: a9afbbcd178990327af3ff9a03738c7d
  • SHA-1: fb0da516ebab441e5ce5196d7aafcf76d40c6378
  • SHA-256: e92340255911ed0910eec2722c745df05b5c65884fd94ee423ad8301798246d4
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected by ClamAV as Pdf.Dropper.Agent-7318808-0 and flagged by an ML classifier as malicious. It contains multiple embedded URLs pointing to PDF documents on the same domain, suggesting a dropper or downloader mechanism. The primary attack pattern involves luring the user to click on these links, which likely leads to the download of additional malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7318808-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7318808-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.