Pdf.Dropper.Agent — PDF malware analysis

Static analysis result for SHA-256 85a714cf21fbffc1…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2019-09-18 18:49:39 +03:00
Authoring application: Adobe InDesign CS2 (4.0) (via Adobe PDF Library 7.0)
MD5: 3f8f5149aadc9cb63535c41e64603d72
SHA-1: 42837efa1d528e1ebac540e496ff01d573861ea8
SHA-256: 85a714cf21fbffc131db95abbdbd4a3a56ec871599ba074714a223e71a342aea
Risk Score: 62

Malware Insights

Pdf.Dropper.Agent · confidence 95%

MITRE ATT&CK
  • T1204.002 Malicious Link
  • T1059.001 PowerShell

The ClamAV heuristic identified this PDF as a dropper, and an external URI was found pointing to a URL on gorillawalker.com. The document body contains numerous links to PDF files hosted on the same domain, suggesting a watering hole or phishing attack. The primary function appears to be redirecting the user to download a secondary payload from the embedded URL.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7190663-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7190663-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.