Malicious PDF — malware analysis report

Static analysis result for SHA-256 45154f79d1df63e7…

MALICIOUS

PDF

Size: 16.2 KB
Created: 2019-04-30 04:31:54 +01:00
Authoring application: mPDF 5.7
MD5: dd016f2dc692e8d7ce2d0d33fc99f0e9
SHA-1: 79855dbacbb62b3a4fe1603eb8439ba60552a022
SHA-256: 45154f79d1df63e72e024cb58bc587549bce551f7ff01609a80caf3174acabde
Risk score: 70

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link

The file is identified as a malicious PDF dropper by ClamAV. It contains embedded URLs, one of which is http://muicuiu.dumb1.com/4a05a06a07a09/Walking-Across-Egypt-by-Clyde-Edgerton.pdf. The presence of a 'SE_DOWNLOAD_BUTTON' heuristic suggests a user-facing lure to initiate a download. The document body, though heavily obfuscated, also contains references to URLs, reinforcing the dropper functionality.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7102112-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7102112-0
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/4a05a06a07a09/Walking-Across-Egypt-by-Clyde-Edgerton.pdf