Malicious PDF — malware analysis report

Static analysis result for SHA-256 f1b0275c0223c3ef…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-11-23 08:06:01 +03:00
Authoring application: GPL Ghostscript 8.64 (via Adobe PDF Library 8.0)
MD5: a7a2849f2636b8b7956f3b5a4f199dbc
SHA-1: 379fcef68a704dc6687d1f0b4b61575f45cabe93
SHA-256: f1b0275c0223c3efa44dbf6245e1f0efc155309bb38e03630d42ab7ed2b53bb1
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file was detected by ClamAV as Pdf.Dropper.Agent-7322831-0 and flagged by an ML classifier, indicating malicious intent. The PDF contains multiple embedded URLs, with the primary one being http://www.gorillawalker.com/consultation-with-a-midwife-sensitive-natural-guidance-through-pregnancy-childbirth.pdf. This suggests the PDF acts as a dropper, likely intended to download and execute a second-stage payload from one of these external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7322831-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7322831-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/consultation-with-a-midwife-sensitive-natural-guidance-through-pregnancy-childbirth.pdf
    • http://www.gorillawalker.com/ramona-sheet-music-paperback.pdf
    • http://www.gorillawalker.com/android-tablets-for-beginners-seniors-easy-step-user-guide-all.pdf
    • http://www.gorillawalker.com/terminator-2-judgement-day-3-cybernetic-dawn-terminator-2-2.pdf
    • http://www.gorillawalker.com/glencoe-chemistry-matter-and-change-forensics-laboratory-manual-teacher-edition.pdf
    • http://www.gorillawalker.com/amish-fire-the-amish-of-lawrence-county-pa.pdf
    • http://www.gorillawalker.com/silver-return-to-treasure-island.pdf
    • http://www.gorillawalker.com/la-forza-del-destino-act-iv-duetto-del-mondo-i.pdf
    • http://www.gorillawalker.com/iec-61508-7-ed-1-0-b-2000-functional-safety.pdf
    • http://www.gorillawalker.com/bible-wines-or-the-laws-of-fermentation-and-wines-of.pdf
    • http://www.gorillawalker.com/dictionary-of-the-printers-and-booksellers-who-were-at-work.pdf
    • http://www.gorillawalker.com/callaloo-calypso-carnival-the-cuisine-of-trinidad-and-tobago.pdf
    • http://www.gorillawalker.com/tales-from-the-crypt-the-official-archives-including-the-complete.pdf
    • http://www.gorillawalker.com/financial-accounting-with-ifrs.pdf
    • http://www.gorillawalker.com/cmmi-appraisal-insights-the-secrets-of-scampi-how-the-new.pdf
    • http://www.gorillawalker.com/applications-of-point-set-theory-in-real-analysis-mathematics-and.pdf
    • http://www.gorillawalker.com/simple-stories-vintage-international.pdf
    • http://www.gorillawalker.com/managing-engineering-and-technology-5th-edition.pdf
    • http://www.gorillawalker.com/no-more-nice-girls-countercultural-essays.pdf
    • http://www.gorillawalker.com/agile-project-management-for-dummies-for-dummies-lifestyles-paperback-of.pdf
    • http://www.gorillawalker.com/law-against-unfair-competition-towards-a-new-paradigm-in-europe.pdf
    • http://www.gorillawalker.com/shifting-the-blame-literature-law-and-the-theory-of-accidents.pdf
    • http://www.gorillawalker.com/romancing-the-horse.pdf
    • http://www.gorillawalker.com/manual-del-mentor-mentor-manual-spanish-edition.pdf
    • http://www.gorillawalker.com/math-facts-survival-guide-to-basic-mathematics-mathematics-series.pdf
    • http://www.gorillawalker.com/the-american-voting-experience-report-and-recommendations-of-the-presidential.pdf
    • http://www.gorillawalker.com/warriors.pdf
    • http://www.gorillawalker.com/fantasy-cartooning.pdf
    • http://www.gorillawalker.com/54-approaches-to-managing-change-at-work.pdf
    • http://www.gorillawalker.com/please-tell-me-i-m-on-mute.pdf
    • http://www.gorillawalker.com/routard-the-dordogne-and-aquitaine.pdf
    • http://www.gorillawalker.com/cocktails-and-shooters-with-dirty-names.pdf
    • http://www.gorillawalker.com/god-s-generals-the-missionaries.pdf
    • http://www.gorillawalker.com/canadian-literature-in-english-volume-two.pdf
    • http://www.gorillawalker.com/the-1950s-my-family-remembers.pdf
    • http://www.gorillawalker.com/image-analysis-classification-and-change-detection-in-remote-sensing-with.pdf
    • http://www.gorillawalker.com/rascal-trapped-on-the-tracks.pdf
    • http://www.gorillawalker.com/el-arte-moderna-en-los-tiempos-de-picasso-el-arte.pdf
    • http://www.gorillawalker.com/bound-hearts-submission-seduction.pdf
    • http://www.gorillawalker.com/how-i-write-secrets-of-a-bestselling-author.pdf
    • http://www.gorillawalker.com/silver-return-to-t
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/