Malicious PDF — malware analysis report

Static analysis result for SHA-256 98ac5a7abd51443b…

MALICIOUS

PDF

File size: 42.1 KB
Created: 2018-12-14 20:23:02 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 9.5.5 (Windows))
MD5: 4e424a0a6af8da1cb5c9e9b2b429a0eb
SHA-1: 4d90003a9a39ad7cb326675c831ba664bbced2ef
SHA-256: 98ac5a7abd51443b383939cb2ae4701f3465a10c373242d1d6fc698a280d36c7
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious PDF dropper by ClamAV. It contains an embedded external URI pointing to a PDF file, which is likely the payload. The document body is heavily obfuscated and does not provide clear textual lures. No scripts were extracted from this sample.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7140596-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7140596-0
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.