Malicious PDF — malware analysis report

Static analysis result for SHA-256 803924e6c41dea81…

MALICIOUS

PDF

35.0 KB
Created: 2019-09-29 23:31:43 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0.5 (Windows))
MD5: 3d391a61b76088c77151deacface5b6f
SHA-1: 5d7b9f2f99024e1b90fe737c2f53f13c8448dd4f
SHA-256: 803924e6c41dea819fb978916c6d2972d076bd5a6d7d80a0f51ded0b1f7f09d1
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file was detected by ClamAV as Pdf.Dropper.Agent-7353126-0, indicating it is a known malicious PDF dropper. The presence of multiple embedded URLs, such as http://www.gorillawalker.com/childrens-encyclopedia-import.pdf, suggests the document is designed to trick the user into downloading a secondary payload. No scripts were extracted from this sample, limiting further analysis of its specific execution behavior.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7353126-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7353126-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.