Malicious PDF — malware analysis report

Static analysis result for SHA-256 f20c2dff73f0a2b6…

Verdict: MALICIOUS
File type: PDF

Size: 41.8 KB
Created: 2019-04-09 01:13:57 +03:00
Authoring application: Acrobat PDFMaker 9.1 for Word (via Adobe PDF Library 9.0)
MD5: 28042e9a3e3287b9e439e4727f6614b3
SHA-1: a3871193edcb02034d8e3ba62364974ba6894990
SHA-256: f20c2dff73f0a2b67a707ae156a923e9fb7c97d6cc315ba4df9d63e5eca917b1
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

ClamAV (Pdf.Dropper.Agent-7067768-0) and the ML classifier (score 0.8872) both flag the file. The only behaviour visible in static analysis is a set of external URI actions, the first of which points to http://www.gorillawalker.com/eternal-quest-life-and-times-of-dr-avul-pakir-jainulabdeen.pdf; the remaining targets are further .pdf paths on the same host. That is consistent with a dropper-style lure rather than an exploit document: no JavaScript, launch-action or embedded-file heuristic fired, so on the evidence here nothing runs when the file is opened. The file depends on the user following a link, and the second stage is whatever www.gorillawalker.com serves at the time of the click, which cannot be determined from the PDF itself. Before acting on the verdict, confirm that the URI actions sit in link annotations rather than an /OpenAction, read the page text around the links for the social-engineering hook, and fetch the remote payload only from an isolated host.
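As an added example (not the analysis platform's code), the checks behind the three findings above written out as a small Python triage script: hash the file, list every URL together with the channel that carried it (URI action, XMP metadata namespace, or loose string), and count the dictionary keys that would let a PDF do something without a click. The sample PDF it runs on is constructed here; it reuses three of the report's URLs but is not the analysed file. Function names, the channel labels and the verdict strings are this example's own. It is a byte-level scan in the style of pdfid, not a full PDF parser, so it inflates FlateDecode streams (object streams hide annotation dictionaries from a plain grep) but does not resolve indirect /Length references or cross-reference tables.

```python
"""Static triage of a PDF's link actions and active-content markers.

Added example for this report, not the analysis platform's code. It mirrors the
three findings above: hash the file, list every URL with the channel that
carried it, and count the keys that would let a PDF run something on open.
It is a pdfid-style byte scan, not a full PDF parser: good enough for triage,
not a substitute for opening the file in a real parser on a sandboxed host.
"""
import hashlib
import re
import zlib

# Keys that mean the file can act without a click (none fired in the report).
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
               b"/EmbeddedFile", b"/RichMedia", b"/SubmitForm")

LITERAL = rb"\((?P<lit>(?:[^()\\]|\\.)*)\)"          # (...) with \( \) \\ escapes
HEXSTR = rb"<(?!<)(?P<hex>[0-9A-Fa-f\s]*)>"           # <6874...>, not a << dict
URI_VALUE_RE = re.compile(rb"/URI\s*(?:" + LITERAL + rb"|" + HEXSTR + rb")", re.S)
ANY_URL_RE = re.compile(rb"https?://[^\s<>()\"'\\]+")
# "N 0 obj << dict >> stream": the dict may not cross an endobj keyword.
STREAM_RE = re.compile(rb"obj\s*<<(?P<dict>(?:(?!endobj).)*?)>>\s*stream\r?\n", re.S)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")  # direct lengths only


def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def _streams(data: bytes):
    """Yield (stream dict, payload) for each stream object, inflating FlateDecode.
    Indirect /Length refs are not resolved; we fall back to scanning for endstream."""
    for m in STREAM_RE.finditer(data):
        d, start = m.group("dict"), m.end()
        ln = LENGTH_RE.search(d)
        end = start + int(ln.group(1)) if ln else data.find(b"endstream", start)
        if end < start:
            continue
        payload = data[start:end]
        if b"/FlateDecode" in d:
            try:
                payload = zlib.decompress(payload)
            except zlib.error:
                continue
        yield d, payload


def _decode_string(m) -> str:
    if m.group("hex") is not None:
        h = re.sub(rb"\s", b"", m.group("hex"))
        return bytes.fromhex((h + b"0" * (len(h) % 2)).decode("ascii")).decode("latin-1")
    # Unescape \( \) \\ ; other PDF escapes (\n, \ddd) are left as written.
    return re.sub(rb"\\([()\\])", rb"\1", m.group("lit")).decode("latin-1")


def extract_urls(data: bytes) -> list:
    """[(channel, url)] with the most specific channel winning per URL:
    uri_action    target of a /URI action, i.e. what a click opens
    xmp_metadata  xmlns identifiers inside a /Metadata stream, not links
    document_body any other http(s) string in the file or inflated streams"""
    found = {}
    streams = list(_streams(data))
    surfaces = [data] + [p for d, p in streams if b"/FlateDecode" in d]
    for s in surfaces:                       # object streams hide annotations from grep
        for m in URI_VALUE_RE.finditer(s):
            found.setdefault(_decode_string(m), "uri_action")
    for d, p in streams:
        if re.search(rb"/Type\s*/Metadata", d):
            for u in ANY_URL_RE.findall(p):
                found.setdefault(u.decode("latin-1"), "xmp_metadata")
    for s in surfaces:
        for u in ANY_URL_RE.findall(s):
            found.setdefault(u.decode("latin-1"), "document_body")
    return sorted((ch, u) for u, ch in found.items())


def active_content(data: bytes) -> dict:
    """Count of each ACTIVE_KEYS name in the raw file and its inflated streams."""
    counts = {}
    surfaces = [data] + [p for d, p in _streams(data) if b"/FlateDecode" in d]
    for s in surfaces:
        for key in ACTIVE_KEYS:
            n = len(re.findall(re.escape(key) + rb"(?![A-Za-z])", s))
            if n:
                counts[key.decode()] = counts.get(key.decode(), 0) + n
    return counts


def triage(data: bytes) -> dict:
    urls = extract_urls(data)
    keys = active_content(data)
    targets = [u for ch, u in urls if ch == "uri_action"]
    if keys:
        verdict = "active-content"   # can run or drop something on open
    elif targets:
        verdict = "lure"             # nothing runs until a user follows a link
    else:
        verdict = "no-findings"
    return {"hashes": file_hashes(data), "urls": urls, "active_keys": keys,
            "link_targets": targets, "verdict": verdict}


def build_sample() -> bytes:
    """Constructed sample, not the report's file. Three link annotations (a plain
    literal, a hex-encoded string, and one hidden in a compressed object stream),
    an XMP packet, no JavaScript/Launch. The three URLs are taken from the report."""
    lure = b"http://www.gorillawalker.com/eternal-quest-life-and-times-of-dr-avul-pakir-jainulabdeen.pdf"
    hexed = b"http://www.gorillawalker.com/der-v.pdf".hex().encode()
    objstm = (b"7 0 << /Type /Annot /Subtype /Link /A << /S /URI "
              b"/URI (http://www.gorillawalker.com/pots-did-stop.pdf) >> >>")
    packed = zlib.compress(objstm)
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"/></x:xmpmeta>')
    return b"".join([
        b"%PDF-1.5\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Annots [4 0 R 7 0 R 8 0 R] >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] "
        b"/A << /S /URI /URI (" + lure + b") >> >> endobj\n",
        b"5 0 obj << /Type /Metadata /Subtype /XML /Length " + str(len(xmp)).encode()
        + b" >>\nstream\n" + xmp + b"\nendstream\nendobj\n",
        b"6 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length "
        + str(len(packed)).encode() + b" >>\nstream\n" + packed + b"\nendstream\nendobj\n",
        b"8 0 obj << /Type /Annot /Subtype /Link /Rect [72 650 300 670] "
        b"/A << /S /URI /URI <" + hexed + b"> >> >> endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    report = triage(build_sample())
    print("verdict:", report["verdict"], "| active keys:", report["active_keys"])
    for channel, url in report["urls"]:
        print(f"  {channel:14} {url}")
```

Run it on a real sample with `triage(open(path, "rb").read())`. The point of the three annotation encodings in the constructed file is that a naive `grep http://` sees only the plain literal; the hex-encoded string and the annotation inside the compressed object stream are exactly the two places a lure author hides the real target, and both still show up as `uri_action` here. The XMP namespace URIs land in their own channel so they are not mistaken for link targets, which is the distinction the EMBEDDED_URL heuristic below is making.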

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7067768-0 (critical) CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7067768-0
  • External URI (info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/eternal-quest-life-and-times-of-dr-avul-pakir-jainulabdeen.pdf
    • http://www.gorillawalker.com/pots-did-stop.pdf
    • http://www.gorillawalker.com/shoulder-of-mutton-field.pdf
    • http://www.gorillawalker.com/sorry-i-pooped-in-your-shoe-and-other-heartwarming-letters.pdf
    • http://www.gorillawalker.com/let-s-read-about-brazil.pdf
    • http://www.gorillawalker.com/el-libro-de-los-arroces-de-mam-grande-spanish-edition.pdf
    • http://www.gorillawalker.com/emeralds-fred-ward-gem-books.pdf
    • http://www.gorillawalker.com/home-health-massage-simple-routines-for-yourself-your-friends-and.pdf
    • http://www.gorillawalker.com/der-v.pdf
    • http://www.gorillawalker.com/women-in-the-victorian-art-world.pdf
    • http://www.gorillawalker.com/sharia-versus-freedom-the-legacy-of-islamic-totalitarianism-kindle-edition.pdf
    • http://www.gorillawalker.com/social-entrepreneurship-in-the-middle-east-volume-1.pdf
    • http://www.gorillawalker.com/the-nursery-collection-ten-favourite-picture-books-picture-mammoth.pdf
    • http://www.gorillawalker.com/thomas-pynchon-bloom-s-major-novelists.pdf
    • http://www.gorillawalker.com/emanuel-law-outlines-torts-keyed-to-prosser-11e-paperback.pdf
    • http://www.gorillawalker.com/astrance-a-cook-s-book-deluxe-version-in-slipcase.pdf
    • http://www.gorillawalker.com/calculus-and-its-applications-annotated-instructor-s-edition.pdf
    • http://www.gorillawalker.com/tennis-my-favorite-sport.pdf
    • http://www.gorillawalker.com/gandhi-a-brief-insight.pdf
    • http://www.gorillawalker.com/multistate-workbook-3.pdf
    • http://www.gorillawalker.com/antique-sealed-bottles-1640-1900-and-the-families-that-owned.pdf
    • http://www.gorillawalker.com/embattled-eros-sexual-politics-and-ethics-in-contemporary-america-thinking.pdf
    • http://www.gorillawalker.com/el-crucero-secreto-spanish-edition.pdf
    • http://www.gorillawalker.com/coaching-the-shotgun-triple-option-kindle-edition.pdf
    • http://www.gorillawalker.com/the-interconnectedness-of-reality-a-speculative-reinterpretation-of-relativity-and.pdf
    • http://www.gorillawalker.com/suite-seventeen-black-lace-classics.pdf
    • http://www.gorillawalker.com/the-tragedy-of-bleiburg-and-viktring-1945.pdf
    • http://www.gorillawalker.com/chambers-dictionary-of-synonyms-and-antonyms.pdf
    • http://www.gorillawalker.com/a-woman-doctor-s-guide-to-miscarriage-essential-facts-and.pdf
    • http://www.gorillawalker.com/the-curse-of-service.pdf
    • http://www.gorillawalker.com/the-four-books-of-architecture-dover-architecture.pdf
    • http://www.gorillawalker.com/black-gotham-a-family-history-of-african-americans-in-nineteenth.pdf
    • http://www.gorillawalker.com/housewives-at-play-king-size-special.pdf
    • http://www.gorillawalker.com/going-down-south-a-hot-interracial-bwwm-cowboy-erotic-story.pdf
    • http://www.gorillawalker.com/ancient-mystery-of-mackinaw.pdf
    • http://www.gorillawalker.com/the-tangente-from-nomos-glashutte-design-classics-series.pdf
    • http://www.gorillawalker.com/days-of-darkness-the-feuds-of-eastern-kentucky.pdf
    • http://www.gorillawalker.com/write-source-interactive-writing-skills-cd-rom-grade-3-2006.pdf
    • http://www.gorillawalker.com/essential-mathematics-for-games-and-interactive-applications-digital.pdf
    • http://www.gorillawalker.com/christmas-echo-concerto-for-solo-string-quartet-and-string-orchestra.pdf
    • http://www.gorillawalk
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
    The last nine entries are XMP namespace identifiers (RDF, Dublin Core, XMP, PDF/A schemas) pulled from the document's metadata stream, not link targets; they are normal for a file written by Acrobat PDFMaker and carry no signal on their own.