Malicious PDF — malware analysis report

Static analysis result for SHA-256 f2265c9ec6d8a35b…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2019-03-17 06:54:25 +03:00
Authoring application: Microsoft® Word 2013
MD5: 320bffc36c685349460798bcd1d441d5
SHA-1: 918c444f1c6d9eaa15548d4929f213dda38d773d
SHA-256: f2265c9ec6d8a35b4cdc6d60741ca604abc2f81a41d563778b13ffdafb27879e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file was detected by ClamAV as Pdf.Dropper.Agent-7136956-0 and flagged by an ML classifier, indicating malicious intent. The PDF contains numerous embedded URLs pointing to external resources, suggesting dropper or downloader functionality. The primary attack pattern involves redirecting the user to these URLs, likely to serve further malicious payloads or phishing content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7136956-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7136956-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/concerto-grosso-in-b-minor-hwv-330-full-score-a7869.pdf
    • http://www.gorillawalker.com/toproping-how-to-climb-series.pdf
    • http://www.gorillawalker.com/swampmeet-a-gator-counting-book.pdf
    • http://www.gorillawalker.com/graph-drawing-12th-international-symposium-gd-2004-new-york-ny.pdf
    • http://www.gorillawalker.com/all-is-forgiven.pdf
    • http://www.gorillawalker.com/the-incorruptible-maximilien-robespierre-and-the-terror.pdf
    • http://www.gorillawalker.com/pcr-protocols-vol-226-methods-in-molecular-biology-volume-226.pdf
    • http://www.gorillawalker.com/toward-a-more-perfect-union-introduction-to-american-government.pdf
    • http://www.gorillawalker.com/on-the-hunt-callisto-hyacinth-erato-s-musings.pdf
    • http://www.gorillawalker.com/the-civil-law-consequences-of-corruption-miscellanies-of-the-center.pdf
    • http://www.gorillawalker.com/latin-made-simple-a-complete-introductory-course-in-classical-latin.pdf
    • http://www.gorillawalker.com/naruto-03.pdf
    • http://www.gorillawalker.com/words-and-images-from-the-american-media.pdf
    • http://www.gorillawalker.com/necks-out-for-adventure-the-true-story-of-edwin-wiggleskin.pdf
    • http://www.gorillawalker.com/bloodborn-an-other-novel.pdf
    • http://www.gorillawalker.com/urban-regeneration-in-the-uk-theory-and-practice.pdf
    • http://www.gorillawalker.com/gifted-education-a-comprehensive-view.pdf
    • http://www.gorillawalker.com/chinese-made-easy-workbook-level-2-simplified-characters-mandarin-chinese.pdf
    • http://www.gorillawalker.com/energy-security-managing-risk-in-a-dynamic-legal-and-regulatory.pdf
    • http://www.gorillawalker.com/the-street.pdf
    • http://www.gorillawalker.com/powerful-armored-vehicles-vehicles-on-the-move.pdf
    • http://www.gorillawalker.com/panama-canal-treaty-disposition-of-united-states-territory-hearing-before.pdf
    • http://www.gorillawalker.com/tobacco-face-the-facts.pdf
    • http://www.gorillawalker.com/frightful-s-mountain.pdf
    • http://www.gorillawalker.com/at-the-throne-of-grace-a-book-of-prayers.pdf
    • http://www.gorillawalker.com/the-easy-way-to-stop-smoking-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/manual-physical-therapy-of-the-spine-kindle-edition.pdf
    • http://www.gorillawalker.com/danger-in-space-surviving-the-apollo-13-disaster-american-space.pdf
    • http://www.gorillawalker.com/opengl-programming-guide-the-official-guide-to-learning-opengl-version.pdf
    • http://www.gorillawalker.com/russia-and-china-on-the-eve-of-a-new-millennium.pdf
    • http://www.gorillawalker.com/fast-easy-back-pain-cures-proven-to-work-fix-your.pdf
    • http://www.gorillawalker.com/what-you-don-t-know-about-north-korea-could-fill.pdf
    • http://www.gorillawalker.com/the-big-league.pdf
    • http://www.gorillawalker.com/la-espina-y-el-fruto-jardin-etnobotanico-de-oaxaca-the.pdf
    • http://www.gorillawalker.com/the-wolf-and-the-lamb-a-jerusalem-mystery-jerusalem-mysteries.pdf
    • http://www.gorillawalker.com/a-designer-s-guide-to-built-in-self-test-frontiers.pdf
    • http://www.gorillawalker.com/gnosticism-platonism-and-the-late-ancient-world-essays-in-honour.pdf
    • http://www.gorillawalker.com/vegetable-juicing-for-everyone-how-to-get-your-family-healthier.pdf
    • http://www.gorillawalker.com/a-chance-encounter-with-a-neighbour.pdf
    • http://www.gorillawalker.com/on-growth-and-form-abridged-edition.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/