PDF malware analysis — malicious · 061e08474e025022

MALICIOUS

PDF

9.5 KB

MD5: d1c1222184e181d9a8e6327170370929 SHA-1: 44e2997c27e09f5c834222fed03c943b43b084b4 SHA-256: 061e08474e0250228ba19a78584d860ec8a64dd8c5c9de65ae8201a55a878476

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, identified by multiple heuristics and ClamAV detection as malicious. The JavaScript is obfuscated but appears to be designed to download and execute a secondary payload, indicated by the 'Pdf.Dropper.Agent-7224576-0' ClamAV signature. This suggests a typical dropper or downloader attack pattern, likely delivered via spearphishing.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7224576-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7224576-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0069_000.js` `339843faece0ab0d1811aea1c0ec9b343692c632e293ac6fec4813c9fcc241ce`	pdf-javascript-stream	PDF /JS object 69 at offset 0x1BE	20134 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.