Malicious PDF — malware analysis report

Static analysis result for SHA-256 eaab021e8d0b4289…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-23 08:00:35 +03:00
Authoring application: - (via ABBYY FineReader 9.0 Sprint)
MD5: a073a7efbdc432038780a812d35cd356 SHA-1: 6cb069db066bf548728b520f64a7f0006cd7c946 SHA-256: eaab021e8d0b42895b507f32f0b6c77e953e52e6b2da0b7f074ccbe293bd13a4
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious Link

The PDF contains an embedded URI pointing to a suspicious URL, which is a common technique for delivering malware. ClamAV detection as 'Pdf.Dropper.Agent-7319567-0' and the ML classifier output further support its malicious nature. The embedded URL likely serves as a lure to download a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7319567-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7319567-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.