Malicious PDF — malware analysis report

Static analysis result for SHA-256 da9effc5236c15f0…

MALICIOUS

PDF

Size: 39.4 KB
Created: 2018-11-22 08:02:17 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: c833785df788b3ef0156215bf74fa3a6
SHA-1: 7302ea99ae88465cac1cbdf500136996008477b7
SHA-256: da9effc5236c15f0ee23962a9b80ee838dc1e0e3c97a7347becef48a862f7398
Risk Score: 102

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file was detected as Pdf.Dropper.Agent-7311783-0 by ClamAV. Static analysis identified the document as an advance-fee scam lure, containing language related to lotteries, prizes, and parcel delivery requirements. The embedded URLs likely serve as a distraction or part of the lure, leading to the primary malicious payload.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7311783-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7311783-0
  • Advance-fee lottery/parcel scam lure (high, SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection: see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.