Malicious PDF — malware analysis report

Static analysis result for SHA-256 cbdcdae11961eed3…

MALICIOUS

PDF

Size: 16.5 KB
Created: 2019-05-07 04:18:06 +01:00
Authoring application: mPDF 5.7
MD5: 0050ed6fdd375eb2749fff6e85a813ee
SHA-1: e8930611b9846fe2d0149d177e8ecafa1d4633a1
SHA-256: cbdcdae11961eed342ef54d60883e73d9889c45381ca4df64b1d6f20c9df5119
Risk Score: 70

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF document, which ClamAV identifies as Pdf.Dropper.Agent, contains an embedded URI that points to a suspicious domain. The presence of a visual download button further suggests an intent to trick the user into downloading a payload. The embedded URL is likely the initial stage of a download and execution chain.

Heuristics 4

  • ClamAV: Pdf.Dropper.Agent-7110493-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7110493-0
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.