Malicious PDF — malware analysis report

Static analysis result for SHA-256 f2e1fa3c3750cd9c…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2019-04-07 18:03:44 +03:00
Authoring application: Apache FOP Version 1.0
MD5: c0ec568f03c433d7c3eadab085bd0067
SHA-1: 53f66a2c63acf3930b891c82f201aaaa57bfd3f4
SHA-256: f2e1fa3c3750cd9c3dc8f5013099212b2f923a41fe839d344078a2081507049d
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

ClamAV and an ML classifier both detected the file as malicious, indicating it is a dropper. The PDF contains multiple embedded URLs pointing to external resources, likely intended to host and deliver secondary payloads. These URLs strongly suggest an attack pattern focused on tricking users into downloading further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7058878-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7058878-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.