Malicious PDF — malware analysis report

Static analysis result for SHA-256 77e2bcef8ff0e686…

MALICIOUS

PDF

Size: 32.0 KB
Created: 2019-09-15 18:10:11 +03:00
Authoring application: Acrobat PDFMaker 9.0 for Word (via Acrobat Distiller 9.0.0 (Windows))
MD5: 4675e87be15585e66b0c88b833dd9ecd
SHA-1: b2c62b3cdc97ca86df9f06ea78bc4c59439d7a9b
SHA-256: 77e2bcef8ff0e68646b27591faea3e15b4a09154d0611a5004ec028df5f36256
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The ClamAV heuristic identified this PDF as a dropper, and a PDF_URI heuristic pointed to an external URL. The document body contains numerous embedded URLs, all pointing to PDF files on the same domain. This suggests the primary function is to trick the user into downloading a secondary malicious PDF from one of these URLs.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7850714-0 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7850714-0
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.