Malicious PDF — malware analysis report

Static analysis result for SHA-256 22f64b0a2c589699…

Verdict: MALICIOUS
File type: PDF
Size: 32.2 KB
Created: 2019-08-10 07:58:02 +03:00
Authoring application: - (via Acrobat Distiller 2.0 for Macintosh)
MD5: 9bdc3b2dabf0e21df1a44426da3b0206
SHA-1: 87645c5036b366058f94304efb9996581d852fd7
SHA-256: 22f64b0a2c589699e60a6a29ac5fca489796b94a50828b50d6781837aa7d15f9
Risk Score: 82

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.001 Malicious Link

The ClamAV heuristic identified this PDF as a dropper. The presence of external URIs and the 'SE_CALLBACK_LURE' heuristic indicate that the document is designed to trick the user into interacting with it, likely by presenting a fake issue that requires a phone call. The embedded URLs are likely part of the lure or a secondary download mechanism.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7140544-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140544-0
  • Callback phishing phone lure | medium | SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.