Malicious PDF — malware analysis report

Static analysis result for SHA-256 1c88af44f5f6dbd7…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-12-14 20:38:44 +03:00
Authoring application: Arbortext Publishing Engine (via PDFlib+PDI 8.0.2p1 (Win32))
MD5: 445683d3e65d0bcef8a71f46d46ece06
SHA-1: 5fc282f3db61590555c569e21e9bedecef12a589
SHA-256: 1c88af44f5f6dbd78d42a0b4999c221037b2049a48dbed75324a917c3744498f
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a PDF dropper by ClamAV. It contains multiple embedded URLs pointing to PDF files on the same domain. The heuristic firings indicate the presence of external URIs and embedded URLs, suggesting a delivery mechanism for further malicious content. The document body itself is heavily obfuscated and does not provide clear textual lures, but the overall structure points to a download-and-execute attack pattern.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7142221-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142221-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.