Malicious PDF — malware analysis report

Static analysis result for SHA-256 951bcf70dfa45386…

MALICIOUS

PDF

Size: 33.8 KB
Created: 2019-12-13 05:28:42 +03:00
Authoring application: AH XSL Formatter V6.2 MR5 for Windows (x64) : 6.2.7.18952 (via Antenna House PDF Output Library 6.2.625 (Windows (x64)))
MD5: 8c8a71787a9e6216c644074c4b2c51bc
SHA-1: 6c4e48c0cffe50d8427a925750322960d6f8bb2c
SHA-256: 951bcf70dfa453860da82bde34a98deed0e310edbdeb986add2e7875753775c1
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious PDF dropper by ClamAV. It contains multiple embedded URLs pointing to PDF files on the same domain. The primary attack pattern involves luring the user to click these links, which likely leads to the download of a secondary malicious payload. No scripts were extracted, limiting the analysis of the exact execution chain.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7581144-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7581144-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.