Malicious PDF — malware analysis report

Static analysis result for SHA-256 c4ee4054d91423c0…

MALICIOUS

PDF

41.0 KB
Created: 2018-12-14 20:34:41 +03:00
Authoring application: -
MD5: 6bee839f202f3487c1ccd02d5d5f3e2f
SHA-1: 0880a6d02100db5bf08dde84453dc4f5f77d6732
SHA-256: c4ee4054d91423c07e2343b03fcc454976a2441119144c401b9dcacb6d21679f
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious Link
  • T1059.001 PowerShell

The ClamAV heuristic identified the file as Pdf.Dropper.Agent-7300830-0, indicating it functions as a dropper. The PDF contains multiple embedded URLs, with the primary one being http://www.gorillawalker.com/wales-world-in-view.pdf. This suggests the document is designed to trick the user into clicking a link that leads to the download of a secondary malicious payload.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7300830-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7300830-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/wales-world-in-view.pdf