Pdf.Dropper.Agent-7293198-0 — PDF malware analysis

Static analysis result for SHA-256 aefc151e3f585e65…

MALICIOUS

PDF

42.8 KB
Created: 2018-11-23 08:05:12 +03:00
Authoring application: Acrobat PDFMaker 10.1 для Word (via Adobe PDF Library 10.0)
MD5: 8cbeb5a344792a7ada3846ab9e9c4beb
SHA-1: bb2896de2ca2578e335cd74d093b82e181bf4015
SHA-256: aefc151e3f585e6583183a17db10f0028b3d45b75d2fc3ae12a5ea79436314a4
70 Risk Score

Malware Insights

Pdf.Dropper.Agent-7293198-0 · confidence 90%

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript, identified by the PDF_JAVASCRIPT heuristic. This script is likely responsible for downloading a secondary payload, as indicated by the presence of external URIs pointing to PDF files on www.gorillawalker.com. The ClamAV detection name 'Pdf.Dropper.Agent-7293198-0' further supports the dropper functionality. The primary IOC is the URL from which the payload is likely to be downloaded.

Heuristics 4

  • ClamAV: Pdf.Dropper.Agent-7293198-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7293198-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.