Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7df20c9d424f940…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-21 20:52:53 +03:00
Authoring application: LaTeX with hyperref package (via dvips + ps2pdf)
MD5: 8764af0f5737c31eaa93de70e73232b7
SHA-1: 5afa0adbbf661b4745be238b9201b472047b2e73
SHA-256: d7df20c9d424f94005d90808e106a63c180641056a5402ecf56d0efaeab9b911
Risk Score: 70

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is identified as a PDF dropper by ClamAV, indicating its primary function is to deliver malware. The presence of a visual download button lure and embedded URLs further supports this, suggesting the document's intent is to trick users into downloading a secondary payload. The specific URL http://www.gorillawalker.com/a-handbook-for-the-treatment-of-alcoholism-addiction-family-involvement.pdf is the most prominent IOC.

Heuristics 4

  • ClamAV: Pdf.Dropper.Agent-7310295-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7310295-0
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.