Pdf.Dropper.Agent-7319328-0 — PDF malware analysis

Static analysis result for SHA-256 ea1548509ced8eac…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-12-15 20:01:48 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.10b)
MD5: 0ca44e6b48cf9f361f9ab1ac9140756f
SHA-1: 136d452bfe767f58474105ecf1396bbd4e855022
SHA-256: ea1548509ced8eac5d527634e6d1bb06fbd34ec57b7bac469fd008bd5fb75aa1
Risk Score: 92

Malware Insights

Pdf.Dropper.Agent-7319328-0 · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The file was detected as malicious by ClamAV with the signature Pdf.Dropper.Agent-7319328-0. ML classifiers also flagged it with high confidence. The PDF contains multiple embedded URLs, with the primary one being http://www.gorillawalker.com/blame-it-on-beckett.pdf, suggesting it acts as a dropper for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7319328-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7319328-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/blame-it-on-beckett.pdf