Malicious PDF — malware analysis report

Static analysis result for SHA-256 bf9e6e1d5cd8f97b…

MALICIOUS

Type: PDF
Size: 43.3 KB
Created: 2018-12-07 18:28:18 +03:00
Authoring application: Acrobat PDFMaker 9.1 для Word (the producer string is from a Cyrillic-localized Acrobat build; для means "for") via Adobe PDF Library 9.0
MD5: 4ef84e53594fa659f0d3c19e11d2bb9b
SHA-1: d3291d685e46faf3bf589158ef9f5c9a91520be1
SHA-256: bf9e6e1d5cd8f97bad1dcebd6eec299730f77a6ae0bc69218bca4072b9fcd644
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell (no script or PowerShell content appears among the static findings below; the mapping is not corroborated by the listed heuristics)

The file is identified as a PDF dropper by ClamAV (signature Pdf.Dropper.Agent-7298545-0). It contains many embedded URLs pointing to PDF files on the domain gorillawalker.com. One of these, http://www.gorillawalker.com/your-book-of-table-tennis-the-your-book-series.pdf, is the target of an external URI action (a /URI action the viewer follows when triggered); the other gorillawalker.com URLs were extracted only as strings from the document and carry no action. The remaining extracted URLs (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers written into the metadata by the authoring application and are not navigation targets. This suggests the primary function of this PDF is to lure the user into fetching a second PDF from gorillawalker.com; that second-stage file is not part of this report, so its content is unverified here.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7298545-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7298545-0
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/your-book-of-table-tennis-the-your-book-series.pdf (also the target of the external URI action above)
    • http://www.gorillawalker.com/construction-building-technology.pdf
    • http://www.gorillawalker.com/best-colleges-2015-kindle-edition.pdf
    • http://www.gorillawalker.com/sawman-werebear-saw-bears-book-4.pdf
    • http://www.gorillawalker.com/moleskine-2016-star-wars-limited-edition-daily-planner-12-month.pdf
    • http://www.gorillawalker.com/the-no-homework-women-s-bible-study-group-hug-v.pdf
    • http://www.gorillawalker.com/toilet-tales-hilarious-embarrassing-true-stories-of-bathroom-humor.pdf
    • http://www.gorillawalker.com/live-to-tell.pdf
    • http://www.gorillawalker.com/the-people-s-voice-local-radio-and-television-in-europe.pdf
    • http://www.gorillawalker.com/major-incident-medical-management-and-support-the-practical-approach-in.pdf
    • http://www.gorillawalker.com/culpeper-s-herbal-over-400-herbs-and-their-uses.pdf
    • http://www.gorillawalker.com/inspiring-words-love-s-journey.pdf
    • http://www.gorillawalker.com/british-landscape-painting.pdf
    • http://www.gorillawalker.com/prentice-hall-math-algebra-2-student-edition.pdf
    • http://www.gorillawalker.com/contagious-emotions-staying-well-when-someone-you-love-is-depressed.pdf
    • http://www.gorillawalker.com/beautiful-lego-3-wild.pdf
    • http://www.gorillawalker.com/india-s-military-modernization-strategic-technologies-and-weapons-systems-oxford.pdf
    • http://www.gorillawalker.com/101-unuseless-japanese-inventions.pdf
    • http://www.gorillawalker.com/the-crafter-s-seeds-2015-top-unofficial-minecraft-seeds-maps.pdf
    • http://www.gorillawalker.com/key-concepts-in-urban-geography-key-concepts-in-human-geography.pdf
    • http://www.gorillawalker.com/making-good-law-and-moral-regulation-in-canada-1867-1939.pdf
    • http://www.gorillawalker.com/6-for-kicks-staff-report-product-service-evaluation-an-article.pdf
    • http://www.gorillawalker.com/the-alchemical-body-siddha-traditions-in-medieval-india.pdf
    • http://www.gorillawalker.com/riddled-with-life-friendly-worms-ladybug-sex-and-the-parasites.pdf
    • http://www.gorillawalker.com/the-essential-husserl-basic-writings-in-transcendental-phenomenology-studies-in.pdf
    • http://www.gorillawalker.com/dierks-bentley-modern-day-drifter.pdf
    • http://www.gorillawalker.com/rich-s-a-southern-institution-landmarks.pdf
    • http://www.gorillawalker.com/york-s-adventures-with-lewis-and-clark-an-african-american.pdf
    • http://www.gorillawalker.com/socratic-satire-an-essay-on-diderot-and-le-neveu-de.pdf
    • http://www.gorillawalker.com/punto-cr-tico-spanish-edition.pdf
    • http://www.gorillawalker.com/cyberculture-cyborgs-and-science-fiction-consciousness-and-the-posthuman-consciousness.pdf
    • http://www.gorillawalker.com/alle-synderes-konge-danish-edition.pdf
    • http://www.gorillawalker.com/the-image-of-law-deleuze-bergson-spinoza-cultural-memory-in.pdf
    • http://www.gorillawalker.com/das-grab-meiner-schwester-german-edition.pdf
    • http://www.gorillawalker.com/highland-etling-string-quartet-series-set-1-sheet-music.pdf
    • http://www.gorillawalker.com/linux-in-depth.pdf
    • http://www.gorillawalker.com/the-elements-of-expression-putting-thoughts-into-words.pdf
    • http://www.gorillawalker.com/have-his-carcase-bbc-radio-4-full-cast-dramatisation-starring.pdf
    • http://www.gorillawalker.com/reality-through-the-arts-8th-edition.pdf
    • http://www.gorillawalker.com/the-poet-s-eye-selected-poetry.pdf
    (The following are XMP metadata namespace URIs, not link targets:)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
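The distinction the report draws between the one URI action and the many plain URL strings (including the XMP namespace URIs) is something a practitioner will want to reproduce offline before touching the sample. The script below is an added example, not code from the report or the analysis engine: it scans a PDF's raw bytes and any FlateDecode streams, pulls /URI action targets out of action dictionaries, and separates them from URLs that are merely present as text. It is a regex heuristic rather than a full PDF parser (object streams, encryption and exotic filters need a real parser), and the sample PDF it builds is constructed here for the demonstration, reusing URLs that appear in this report; the XMP namespace prefixes it treats as benign are an assumption drawn from the report's list.

```python
"""Static URL triage for a PDF: separate /URI actions (targets a viewer will follow)
from URLs that are merely present as strings, such as XMP namespace declarations.
Added example, not part of the original report. Regex heuristic, not a PDF parser."""
import re
import zlib

# Innermost << ... >> dictionaries; the /URI action dict usually nests inside an annotation.
DICT_RE = re.compile(rb"<<(?:(?!<<|>>).)*>>", re.S)
ACTION_TYPE_RE = re.compile(rb"/S\s*/URI\b")
URI_TARGET_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
# Stream bodies; the lookbehind stops "endstream" from starting a match.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)
# Assumed-benign namespace prefixes: XMP/RDF schema URIs like those listed in the report.
XMP_NS_PREFIXES = (
    b"http://www.w3.org/1999/02/22-rdf-syntax-ns",
    b"http://purl.org/dc/",
    b"http://ns.adobe.com/",
    b"http://www.aiim.org/pdfa/",
)


def _unescape(literal: bytes) -> bytes:
    """Undo the PDF literal-string escapes that matter for URLs: \\( \\) and \\\\."""
    return re.sub(rb"\\([()\\])", rb"\1", literal)


def classify_urls(pdf_bytes: bytes) -> dict:
    """Group every URL in the file by the channel through which it reaches the document."""
    bodies = [pdf_bytes]
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj ignores trailing bytes after the deflate stream ends
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed (e.g. XMP) or another filter; raw scan already covers it
    data = b"\n".join(bodies)

    actions = []
    for d in DICT_RE.finditer(data):
        if ACTION_TYPE_RE.search(d.group(0)):
            t = URI_TARGET_RE.search(d.group(0))
            if t:
                url = _unescape(t.group(1)).decode("latin-1")
                if url not in actions:
                    actions.append(url)

    every = {u.decode("latin-1") for u in URL_RE.findall(data)}
    xmp = {u for u in every if u.encode("latin-1").startswith(XMP_NS_PREFIXES)}
    return {
        "uri_actions": actions,                      # followed by the viewer when triggered
        "xmp_namespaces": sorted(xmp),               # metadata schema identifiers, benign
        "other_strings": sorted(every - set(actions) - xmp),  # present as text only
        # An action reachable from /OpenAction or /AA fires without a click; flag it.
        "has_open_action": re.search(rb"/(OpenAction|AA)\b", data) is not None,
    }


def build_sample_pdf() -> bytes:
    """Constructed PDF fragment (no xref, not renderable) with the three URL channels
    seen in the report: a /URI action, XMP namespace URIs, and a URL that exists only
    as text inside a Flate-compressed content stream."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF'
           b' xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"'
           b' xmlns:dc="http://purl.org/dc/elements/1.1/"'
           b' xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/></x:xmpmeta>')
    page_text = zlib.compress(
        b"BT /F1 12 Tf (Mirror: http://www.gorillawalker.com/linux-in-depth.pdf) Tj ET")
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 6 0 R >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] /A << /S /URI /URI "
        b"(http://www.gorillawalker.com/your-book-of-table-tennis-the-your-book-series.pdf)"
        b" >> >> endobj\n",
        b"5 0 obj << /Type /Metadata /Subtype /XML /Length " + str(len(xmp)).encode()
        + b" >>\nstream\n" + xmp + b"\nendstream\nendobj\n",
        b"6 0 obj << /Length " + str(len(page_text)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + page_text + b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    for channel, urls in classify_urls(build_sample_pdf()).items():
        print(channel, urls)
```

On the report's sample the `uri_actions` list is what deserves attention; a long `other_strings` list of same-domain PDF links with no action attached is consistent with a document whose hyperlinks were carried over from Word, and `xmp_namespaces` can be discarded from any indicator list outright.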