Malicious PDF — malware analysis report

Static analysis result for SHA-256 dbea428a76315809…

MALICIOUS

PDF

Size: 18.3 KB
Created: 2019-04-29 23:02:20 +01:00
Authoring application: mPDF 5.7
MD5: f3e8ea732506606e29d0bbc8f13d8af5
SHA-1: ede832943208a7a6d677657c56c6b6aa75e5e09c
SHA-256: dbea428a76315809f71d0354a6e8b3554f2e4fea5ace2c5131ef00dcef7b4241
Risk Score: 70

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The ClamAV heuristic identified this PDF as a dropper, and it contains multiple embedded URLs that likely serve as download locations for malicious payloads. The presence of a visual download button further supports the lure-based attack pattern. No scripts were extracted, limiting the ability to determine the exact execution flow.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7330830-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7330830-0
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://muicuiu.dumb1.com/1a08a07a09a02a06/Dark-Embrace-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/4a09a05a06a09a04/Golden-Healer-Dark-Enchantress-The-Stregoni-Sequence-1-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/1a00a09a06a03a01/Bloodmaiden-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/1a00a02a09a01a02a07/The-Chronicles-of-the-Mira-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/1a00a06a06a09a08a04/One-Starry-Knight-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/4a09a05a05a02a09/The-Crystal-Rings-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/1a00a06a07a01a04a09/In-the-Land-of-Giants-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/1a00a09a08a00a09a00/The-Adventures-of-William-the-Brownie-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/2a08a09a02a03a00/The-Prism-of-Ashlai-The-Gailean-Quartet-1-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/3a01a07a03a00a07/Lily-in-the-Snow-and-Other-Elemental-Tales-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/1a00a06a07a02a08a04/The-Hero-Chronicles-A-Complete-Collection-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/2a02a03a02a05a03/Silent-Hero-A-Tribute-to-The-Legend-of-Zelda-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/2a08a09a02a03a02/The-Secret-Sister-and-the-Silver-Knight-The-Hero-Chronicles-4-by-Christine-E-Schulze.pdf
    • http://muicuiu.dumb1.com/1a01a01a00a01a05a00/Friedrich-Gottlob-Schulze-G-vernitz-Gr-nder-Und-Erster-Direktor-Der-Landwirthschaftlichen-Akademien-Zu-Jena-Und-Eldena-Ein-Lebensbild-Gezeichnet-Und-ALS-Festgabe-Dargebracht-Zur-Enth-llungsfeier-Des-Schulze-Denkmals-in-Jena-by-Hermann-Johann-Friedrich-Schulze.pdf
    • http://muicuiu.dumb1.com/5a09a03a05a03a01/Dark-Embrace-Dark-Paradise-4-by-Angie-Sandro.pdf
    • http://muicuiu.dumb1.com/3a00a03a02a04a05/His-Dark-Embrace-by-Amanda-Ashley.pdf
    • http://muicuiu.dumb1.com/1a07a02a05a01a02/Dark-Dreamers-Dark-6-5-Dirk-amp-Steele-4-by-Christine-Feehan.pdf
    • http://muicuiu.dumb1.com/2a00a06a01a02a05/Kade-s-Dark-Embrace-Immortals-of-New-Orleans-1-by-Kym-Grosso.pdf
    • http://muicuiu.dumb1.com/4a09a02a02a03a06/Embrace-the-Dark-The-Blood-Rose-1-by-Caris-Roane.pdf
    • http://muicuiu.dumb1.com/4a01a01a09a07a01/Night-Embrace-Dark-Hunter-2-by-Sherrilyn-Kenyon.pdf
    • http://muicuiu.dumb1.com/2a08a09a02a03a00/The-Prism-of-Ash