Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d64c6ad94b9cebe…

MALICIOUS

PDF

32.3 KB
Created: 2019-09-02 21:06:04 +03:00
Authoring application: Adobe InDesign CS (3.0) (via Adobe PDF Library 6.0)
MD5: 76b98d308cad70881ab7f0864bfbc474
SHA-1: 41315ef54f35b54c4aa4b048d41d13e458dac57b
SHA-256: 9d64c6ad94b9cebe8aabf5be01a80808b2042b5bba6653b1773505c35aba6c23
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious Link
  • T1566.002 Spearphishing Attachment

The ClamAV heuristic indicates this PDF is a dropper, designed to deliver other malware. The embedded URLs, such as http://www.gorillawalker.com/philippians-the-ivp-new-testament-commentary-series.pdf, likely serve as the download locations for this secondary payload. The document body is heavily obfuscated and does not provide clear textual lures, but the presence of numerous book-themed URLs suggests a potential social engineering tactic to disguise the malicious intent.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7175625-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7175625-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.