Malicious PDF — malware analysis report

Static analysis result for SHA-256 f636fee46f642adf…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2018-11-15 18:32:30 +03:00
Authoring application: UnknownApplication (via XEP 4.4 build 20050610)
MD5: ead81fb5c8ea4bb92f9ec06c0edbf3c0
SHA-1: adc87f0f8d619873a09596abe0a62e1c7e8c4816
SHA-256: f636fee46f642adfbc6c8efa0262f6ea1e1393a182139dba6c8473a3d8344fe5
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file was detected as malicious by ClamAV and an ML classifier, indicating it is a PDF dropper. The embedded URI points to a PDF file hosted on www.gorillawalker.com, likely serving as the second-stage payload. No scripts were extracted, but the PDF structure and heuristics strongly suggest a malicious intent to download and execute further content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7324615-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7324615-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/walker-s-map-lyme-bay.pdf
    • http://www.gorillawalker.com/theories-of-human-nature-classical-and-contemporary-readings.pdf
    • http://www.gorillawalker.com/midnight-burning.pdf
    • http://www.gorillawalker.com/donde-esta-la-pelota-where-is-the-ball-primeros-lectores.pdf
    • http://www.gorillawalker.com/circe-s-pool-kindle-edition.pdf
    • http://www.gorillawalker.com/alfred-12-0571523749-unbeaten-tracks-for-oboe.pdf
    • http://www.gorillawalker.com/dictionary-of-film-terms-the-aesthetic-companion-to-film-art.pdf
    • http://www.gorillawalker.com/stockley-s-drug-interactions-single-user-version.pdf
    • http://www.gorillawalker.com/with-christ-in-the-school-of-prayer.pdf
    • http://www.gorillawalker.com/we-like-to-nurse-too-world-health-hohm-press.pdf
    • http://www.gorillawalker.com/tim-holtz-distressables.pdf
    • http://www.gorillawalker.com/in-jesse-s-shoes.pdf
    • http://www.gorillawalker.com/plumbing-engineering-design-handbook-plumbing-systems-volume-2.pdf
    • http://www.gorillawalker.com/the-outer-planets-and-their-moons-comparative-studies-of-the.pdf
    • http://www.gorillawalker.com/introduction-to-modern-mycology.pdf
    • http://www.gorillawalker.com/handbook-of-biopolymers-and-biodegradable-plastics-properties-processing-and-applications.pdf
    • http://www.gorillawalker.com/symposium-on-gastroenterology-the-veterinary-clinics-of-north-america-vol.pdf
    • http://www.gorillawalker.com/the-oxford-handbook-of-nietzsche-oxford-handbooks.pdf
    • http://www.gorillawalker.com/a-time-to-die-the-untold-story-of-the-kursk.pdf
    • http://www.gorillawalker.com/quality-management-in-the-imaging-sciences-4th-forth-edition-hardcover.pdf
    • http://www.gorillawalker.com/vacuum-tube-amplifier-basics-kindle-edition.pdf
    • http://www.gorillawalker.com/backpack-bubbles-and-a-bali-tattoo-kindle-edition.pdf
    • http://www.gorillawalker.com/the-principal-s-companion-a-workbook-for-future-school-leaders.pdf
    • http://www.gorillawalker.com/diving-and-subaquatic-medicine.pdf
    • http://www.gorillawalker.com/the-creative-magician-s-handbook-a-guide-to-tricks-illusions.pdf
    • http://www.gorillawalker.com/penny-s-revenge-feminized-by-my-old-man-s-trophy.pdf
    • http://www.gorillawalker.com/el-vertigo-de-las-listas-the-vertigo-of-lists-spanish.pdf
    • http://www.gorillawalker.com/the-mayflower-report-1622-as-told-by-the-mayflower-pilgrims.pdf
    • http://www.gorillawalker.com/cityflash-venice-map.pdf
    • http://www.gorillawalker.com/the-memoirs-of-jfk-if-kennedy-had-survived.pdf
    • http://www.gorillawalker.com/scott-s-blog-of-doom-presents-the-complete-ufc-rants.pdf
    • http://www.gorillawalker.com/handbook-of-demonstrations-and-activities-in-the-teaching-of-psychology.pdf
    • http://www.gorillawalker.com/weight-control-hypnosis-program-double-cd-set-positive-changes-hypnosis.pdf
    • http://www.gorillawalker.com/la-celestina-a-play-with-music.pdf
    • http://www.gorillawalker.com/with-every-drop-of-blood-turtleback-school-library-binding-edition.pdf
    • http://www.gorillawalker.com/the-book-of-common-prayer-hymns-of-the-protestant-episcopal.pdf
    • http://www.gorillawalker.com/broken-laces-kindle-edition.pdf
    • http://www.gorillawalker.com/today-s-superstars-classroom-collection.pdf
    • http://www.gorillawalker.com/make-your-idea-matter-stand-out-with-a-better-story.pdf
    • http://www.gorillawalker.com/rock-thiz-magazine-issue-9-kindle-edition.pdf
    • http://www.gorillawalker.com/dictionary-of-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/