Malicious PDF — malware analysis report

Static analysis result for SHA-256 b7ad1413224d1a1b…

MALICIOUS

PDF

Size: 31.2 KB
Created: 2019-09-08 11:50:55 +03:00
Authoring application: GPL Ghostscript 8.64 (via Adobe PDF Library 8.0)
MD5: 71cebafb69d4a607f5bf865f28b34cd3
SHA-1: b1ea6816b284c3d619f9092569d8347d0e87addb
SHA-256: b7ad1413224d1a1bd3fb4c5bdd91b77022a7160affcc8bcce32e2aedc13409a7
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link

The ClamAV heuristic identified this PDF as a dropper, and multiple external URLs were found embedded in the document. These URLs likely serve as distribution points for further malicious payloads. The presence of numerous PDF_URI and EMBEDDED_URL heuristics strongly indicates malicious intent to redirect users to external resources.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7188498-0 (severity: critical; ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7188498-0
  • External URI (severity: info; ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.