Pdf.Dropper.Agent-6308439-0 — PDF malware analysis

Static analysis result for SHA-256 01f4deb0a24780c2…

MALICIOUS

PDF

136.3 KB
MD5: 2fddd77032d422df4a4214695c1ae463
SHA-1: 34c4d743920eb53ae7b85192c187d87e58d4694d
SHA-256: 01f4deb0a24780c29554b5f358062c27950c03cb59902b5c3c2f1a0b30c60196
Risk Score: 106

Malware Insights

Pdf.Dropper.Agent-6308439-0 · confidence 95%

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics and ClamAV as malicious. The JavaScript appears to be obfuscated but is designed to download and execute a secondary payload, consistent with a dropper's behavior. The ML classifier strongly indicates maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-6308439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-6308439-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0076_000.js
    Hash: d46e8547708c87923180908c1cbeedd967fa36e0ad39243d4d31833ac9faede0
    Kind: pdf-javascript-stream
    Source: PDF /JS object 76 at offset 0x2C2
    Size: 123214 bytes