Malicious PDF — malware analysis report

Static analysis result for SHA-256 a211f7f8bfd6128f…

MALICIOUS

PDF

File size: 44.6 KB
Created: 2018-12-02 10:59:15 +03:00
Authoring application: mPDF 6.0
MD5: 3f70e2082c63777dbf767c449eee3cdd
SHA-1: cf646e4221f108a0c790fd9271c3862ee1dc7372
SHA-256: a211f7f8bfd6128fd543c75c87272e8598d88bdd36fb593f5eda489ebe6b5a17
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF document identified by ClamAV as Pdf.Dropper.Agent-7288667-0. It contains an embedded URI pointing to an external PDF file. This suggests the document is designed to trick the user into clicking the link and downloading a secondary malicious payload.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7288667-0 (severity: critical, id: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7288667-0
  • External URI (severity: info, id: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, id: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.