Malicious PDF — malware analysis report

Static analysis result for SHA-256 9895de38ae628fba…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2018-11-30 20:09:06 +03:00
Authoring application: iBooks Author (via Mac OS X 10.9.3 Quartz PDFContext)
MD5: 7256a862d3e26181984fa4ecea83984f
SHA-1: de2dd53858d446a872bcd1f3b0e3e993b68b4ce3
SHA-256: 9895de38ae628fbaa16793b32c612cecb22a5553460e445d48e3f12e77d9a72f
Risk score: 62

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell
  Caveat: no PowerShell artefact appears among the heuristics or extracted URLs listed below, so this mapping is not evidenced by the static results shown here and should be treated as inferred until confirmed by dynamic analysis or by the content of the linked files.

ClamAV classifies the file as a PDF dropper (Pdf.Dropper.Agent-7285155-0). The document carries external URI actions, around forty of them, all pointing to PDF files hosted on www.gorillawalker.com. The document body is heavily obfuscated and yields no clear textual lure, but the external PDF links are consistent with a download-and-execute (dropper) pattern. Note what the static evidence does and does not show: the heuristics listed below report the ClamAV signature and URL actions only, so the download stage is supported by the file itself, while any execution stage would have to be confirmed by fetching and analysing the linked PDFs or by running the sample dynamically.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7285155-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7285155-0
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/lords-of-the-atlas-the-rise-and-fall-of-the.pdf
    • http://www.gorillawalker.com/in-the-language-of-kings-an-anthology-of-mesoamerican-literature.pdf
    • http://www.gorillawalker.com/suspicious-minds-songs-remember-when-1-siren-publishing-menage-everlasting.pdf
    • http://www.gorillawalker.com/the-keto-beginning-creating-lifelong-health-and-lasting-weight-loss.pdf
    • http://www.gorillawalker.com/working-the-12-steps-beyond-abundance-gratitude-and-quality-sobriety.pdf
    • http://www.gorillawalker.com/gmo-free-diet-how-to-stay-healthy-by-identifying-and.pdf
    • http://www.gorillawalker.com/dusty-white-eagle-feather.pdf
    • http://www.gorillawalker.com/the-mystery-of-the-missing-antimatter-science-essentials.pdf
    • http://www.gorillawalker.com/early-birdy-gets-the-worm-picture-reader-kindle-edition.pdf
    • http://www.gorillawalker.com/fear-hope-and-bread-pudding-part-of-the-coda-series.pdf
    • http://www.gorillawalker.com/hallowed-murder-a-jane-lawless-mystery-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/catchers-in-the-sky-mission-korea.pdf
    • http://www.gorillawalker.com/the-trial-of-gangster-al-capone-headline-court-cases.pdf
    • http://www.gorillawalker.com/two-meatballs-in-the-italian-kitchen.pdf
    • http://www.gorillawalker.com/integrated-natural-resources-management-linking-productivity-the-environment-and-development.pdf
    • http://www.gorillawalker.com/words-of-advice-regarding-da-wah.pdf
    • http://www.gorillawalker.com/bsc-1005-animal-behavior-a-biological-perspective-sprint-2007.pdf
    • http://www.gorillawalker.com/chekhov-the-cherry-orchard-plays-in-production.pdf
    • http://www.gorillawalker.com/the-book-of-common-prayer-and-administration-of-the-sacraments.pdf
    • http://www.gorillawalker.com/non-linear-model-based-process-control-applications-in-petroleum-refining.pdf
    • http://www.gorillawalker.com/black-aperture-poems-walt-whitman-award.pdf
    • http://www.gorillawalker.com/the-warrior-who-would-rule-russia-a-profile-of-aleksandr.pdf
    • http://www.gorillawalker.com/mutants-masterminds-rpg-gm-s-kit.pdf
    • http://www.gorillawalker.com/the-statute-law-of-the-bahamas-acts-of-the-general.pdf
    • http://www.gorillawalker.com/the-panzer-soldier.pdf
    • http://www.gorillawalker.com/the-green-zone-the-environmental-costs-of-militarism.pdf
    • http://www.gorillawalker.com/microsoft-asp-net-4-step-by-step-step-by-step.pdf
    • http://www.gorillawalker.com/addicted-to-you-a-one-night-of-passion-novel.pdf
    • http://www.gorillawalker.com/people-under-the-skin-an-irish-immigrant-s-experience-of.pdf
    • http://www.gorillawalker.com/energy-and-sustainable-development-in-mexico-texas-a-m-university.pdf
    • http://www.gorillawalker.com/clinical-studies-in-neuro-psychoanalysis.pdf
    • http://www.gorillawalker.com/a-third-year-in-jerusalem-a-tale-illustrating-customs-and.pdf
    • http://www.gorillawalker.com/christ-s-fulfillment-of-torah-and-temple-salvation-according-to.pdf
    • http://www.gorillawalker.com/the-falkland-islands-as-an-international-problem-routledge-revivals.pdf
    • http://www.gorillawalker.com/flying-giants-of-dinosaur-time-meet-the-dinosaurs.pdf
    • http://www.gorillawalker.com/into-the-unknown-the-evolution-of-science-fiction-from-francis.pdf
    • http://www.gorillawalker.com/amish-table.pdf
    • http://www.gorillawalker.com/van-halen-1978-1984-guitar-play-along-volume-50-hal.pdf
    • http://www.gorillawalker.com/real-estate-sales-is-it-the-career-for-you.pdf
    • http://www.gorillawalker.com/the-ultimate-diabetes-cookbook.pdf
    • http://www.gorillawalke
    The remaining entries are the standard XMP/RDF namespace identifiers (normally found in the document's XMP metadata stream, which iBooks Author and Quartz PDFContext emit); they appear in any PDF that carries XMP metadata, are not link actions and should not be treated as indicators:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
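How the per-URL channel labels the EMBEDDED_URL heuristic refers to can be reproduced, and how the link-action targets are told apart from the XMP namespace identifiers at the end of the list, as an added example that is not part of the report or of the scanner's own code: the script below scans raw PDF bytes, tags each URL with the object it was found in (URI action, /OpenAction target, Link annotation, JavaScript string, XMP metadata stream, or loose document body) and summarises which hosts are real navigation targets. The embedded PDF is constructed for this example; its link targets reuse three URLs from the report's list, example.invalid is a placeholder, and the page tree is omitted because the scanner does not need it.

```python
"""Static URL extraction from raw PDF bytes, labelled by channel.

Added example (not the scanner's or the report's own code). /Length values are
ignored and compressed content is not inflated; see the usage note.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample (not the analysed file): a /Link annotation, a URI action
# wired to /OpenAction (runs on open, no click), an unreferenced URI action,
# a JavaScript action and an XMP metadata stream. The gorillawalker.com URLs
# are taken from the report; example.invalid is a placeholder.
SAMPLE_PDF = rb"""%PDF-1.4
1 0 obj
<< /Type /Catalog /OpenAction 6 0 R /Metadata 7 0 R >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]
   /A << /S /URI /URI (http://www.gorillawalker.com/lords-of-the-atlas-the-rise-and-fall-of-the.pdf) >> >>
endobj
5 0 obj
<< /Type /Action /S /URI /URI (http://www.gorillawalker.com/amish-table.pdf) >>
endobj
6 0 obj
<< /Type /Action /S /URI /URI (http://www.gorillawalker.com/dusty-white-eagle-feather.pdf) >>
endobj
7 0 obj
<< /Type /Metadata /Subtype /XML /Length 0 >>
stream
<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>
</rdf:RDF></x:xmpmeta>
endstream
endobj
8 0 obj
<< /S /JavaScript /JS (app.launchURL\("http://example.invalid/next-stage.pdf", true\);) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.S)
PDF_STRING = rb"(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)"  # literal (...) or hex <...>
URI_KEY_RE = re.compile(rb"/URI\s*" + PDF_STRING)
JS_KEY_RE = re.compile(rb"/JS\s*" + PDF_STRING)
OPEN_ACTION_RE = re.compile(rb"/OpenAction\s+(\d+)\s+\d+\s+R")
URL_RE = re.compile(rb"https?://[^\s\"'<>()\\]+")


def pdf_string(tok: bytes) -> str:
    """Decode a PDF literal (...) or hex <...> string token to text."""
    if tok.startswith(b"<"):
        hexdata = re.sub(rb"\s", b"", tok[1:-1]).decode()
        return bytes.fromhex(hexdata + "0" * (len(hexdata) % 2)).decode("latin-1")
    return re.sub(rb"\\([()\\])", rb"\1", tok[1:-1]).decode("latin-1")  # unescape \( \) \\


def extract_urls(data: bytes):
    """Return de-duplicated (url, channel) pairs found in the raw bytes.

    open_action: URI action named by /OpenAction, runs when the file opens.
    link_annotation: inline /A of a /Link annotation, needs a click.
    uri_action: standalone URI action.  javascript: URL inside a /JS string.
    xmp_metadata: URL in the XMP stream (namespace IDs, not navigation targets).
    document_body: anything else.
    """
    found = []
    open_action = {int(m.group(1)) for m in OPEN_ACTION_RE.finditer(data)}
    for m in OBJ_RE.finditer(data):
        num, body = int(m.group(1)), m.group(3)
        if re.search(rb"/Type\s*/Metadata", body):
            for s in STREAM_RE.finditer(body):
                found += [(u.decode("latin-1"), "xmp_metadata") for u in URL_RE.findall(s.group(1))]
        elif re.search(rb"/S\s*/URI\b", body):
            if num in open_action:
                channel = "open_action"
            elif re.search(rb"/Subtype\s*/Link", body):
                channel = "link_annotation"
            else:
                channel = "uri_action"
            found += [(pdf_string(tok), channel) for tok in URI_KEY_RE.findall(body)]
        elif JS_KEY_RE.search(body):
            js = pdf_string(JS_KEY_RE.search(body).group(1)).encode("latin-1")
            found += [(u.decode("latin-1"), "javascript") for u in URL_RE.findall(js)]
        else:
            found += [(u.decode("latin-1"), "document_body") for u in URL_RE.findall(body)]
    return list(dict.fromkeys(found))


def summarize(urls):
    """Per-channel counts and the hosts that are real targets (XMP metadata excluded)."""
    per_channel = Counter(ch for _, ch in urls)
    hosts = sorted({urlparse(u).hostname for u, ch in urls if ch != "xmp_metadata"})
    return per_channel, hosts


if __name__ == "__main__":
    found = extract_urls(SAMPLE_PDF)
    for url, channel in found:
        print(f"{channel:16} {url}")
    print(summarize(found))
```

Run it as-is to see the constructed sample, or pass `open(path, "rb").read()` to `extract_urls` for a real file. For triage the distinction that matters is open_action and javascript (no user interaction) versus link_annotation (the victim has to click). The analysed file is described above as heavily obfuscated, and a regex scan of raw bytes sees nothing inside FlateDecode streams, object streams or hex-escaped names such as /#55RI; inflate the file first (for example with pdf-parser.py, or `qpdf --qdf --object-streams=disable in.pdf out.pdf`) or use a full PDF parser before relying on the result.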