PDF malware analysis — malicious · 013a58af428167e4

MALICIOUS

PDF

13.7 KB Created: 2010-03-20 06:46:51 Authoring application: Vecavaytabaf (via Miuitivmide)

MD5: e78b983cb116765ae9e461d7532fb35c SHA-1: 34f00525c3edce4dfbd52476a93d4d4d64077814 SHA-256: 013a58af428167e439516c3a9180ae9e72d7920d0ff0cacb0cf85d00a7b48f13

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Dropper.Agent-7221997-0'. Embedded JavaScript was detected, which is often used in malicious PDFs to exploit vulnerabilities or deliver further payloads. The script's obfuscated nature and its attempt to manipulate document properties suggest it's part of a malicious chain, likely aimed at tricking the user into revealing information or downloading additional malware.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7221997-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7221997-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0022_000.js` `d0086801914360c9562692fd54232653b3246ebc45b9c890cc55e254beabe54e`	pdf-javascript-stream	PDF /JS object 22 at offset 0x304A	2178 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.