Malicious PDF — malware analysis report

Static analysis result for SHA-256 8be5627ee687aa1d…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2019-02-14 08:26:27 +03:00
Authoring application: Pdf995 (via GNU Ghostscript 7.05)
MD5: 90ab514ecb85e21ab590dcdc8c4d987b
SHA-1: a626d2f3612972dc1bde835110d33c6d196c5830
SHA-256: 8be5627ee687aa1ddca2d8f04f7959eb5df67d0ed3220f54c8decc95189232db
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file was detected as Pdf.Dropper.Agent-7142922-0 by ClamAV, indicating it functions as a dropper. Static analysis revealed multiple embedded URLs pointing to external PDF files, suggesting a lure to download further malicious content. The presence of these URLs and the ClamAV detection strongly indicate a malicious intent to deliver additional payloads.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7142922-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142922-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.