Malicious PDF / .COM — malware analysis report

Static analysis result for SHA-256 062f97f18930adb3…

Verdict: MALICIOUS
File type: PDF / .COM
Size: 15.2 KB
Created: 2010-03-19 20:57:57
Authoring application: Mecitaneueq
MD5: 670a5ce80d7d3702c6c16157d9ac4320
SHA-1: 951354a9fbd0287b54d74fcacc9f9d3bf47eb0ad
SHA-256: 062f97f18930adb3567bb537fa29b4218834cac7b3f6e6b42f6c6461d14db58e
Risk score: 106

Malware Insights

MITRE ATT&CK

  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1566.001 Phishing: Spearphishing Attachment

The PDF contains embedded JavaScript. ClamAV matches it with the signature Pdf.Dropper.Agent-7407863-0, two heuristics flag a /JavaScript action and a /JS stream, and the Nyx ML classifier scores it 1.0000 (malicious). The carved script (see extracted artifacts below) was not executed in this static pass, so its behaviour is not confirmed here; the ClamAV family name (Dropper) is what points to a dropper that fetches and runs a second-stage payload, a common role for JavaScript embedded in a PDF. Note that the two JavaScript heuristics are individually rated low because benign forms also carry JavaScript; it is the combination with the signature match and the classifier verdict that drives the risk score. The JavaScript maps to T1059.007; a small PDF with an embedded script is consistent with delivery as a spearphishing attachment (T1566.001), although the delivery vector is inferred rather than observed.

Machine Learning

  • Nyx PDF Classifier: malicious, score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7407863-0 (severity: critical, rule CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7407863-0
  • JavaScript action (severity: low, rule PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0020_000.js
SHA-256: 7466db5aa9586245f01263a7d3225aeb0691c0484adc9f66313fdad773b49e7c
Kind: pdf-javascript-stream
Source: PDF /JS object 20 at offset 0x26B9
Size: 2541878 bytes (larger than the 15.2 KB file itself, so this is the size after the stream filter was decoded)
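The heuristics above (PDF_JAVASCRIPT, PDF_JS) and the carved artifact are produced by the same kind of linear scan: count risky names across the file, walk the `N G obj ... endobj` regions without trusting the xref table, resolve the /JS entry of the action to its stream object, inflate it and hash the result. The script below is an added example showing that pipeline in Python; it is not the analysis service's code, and the function names and the sample PDF it builds (a catalog whose /OpenAction runs a FlateDecode-compressed script in object 20, with the action type spelled `/J#61vaScript` to show why name escapes must be normalised before matching) are constructed for the example, not taken from the analysed file.

```python
"""Locate and carve JavaScript out of a PDF by linear scan: the work behind the
PDF_JAVASCRIPT / PDF_JS heuristics and the carved javascript_obj artifact above.
Added example, not the analysis service's code; the sample PDF below is constructed."""
import hashlib
import re
import zlib

# Constructed sample (not the analysed file): /OpenAction -> /JavaScript action whose
# /JS entry is an indirect reference to a FlateDecode stream held in object 20.
SAMPLE_JS = b'var s = unescape("%u9090%u9090"); while (s.length < 0x10000) s += s; app.alert(1);'

def build_sample_pdf(js=SAMPLE_JS):
    body = zlib.compress(js)
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 10 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n",
        # /J#61vaScript is a legal #-escaped spelling of /JavaScript: it defeats a naive grep
        b"10 0 obj\n<< /S /J#61vaScript /JS 20 0 R >>\nendobj\n",
        b"20 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(body)
        + body + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.4\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"

def normalize_names(buf):
    """Resolve #HH escapes in names so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), buf)

INDICATORS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")

def count_indicators(data):
    """pdfid-style counts of risky names over the whole file (presence only, no semantics)."""
    norm = normalize_names(data)
    return {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z])", norm)) for n in INDICATORS}

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)

def parse_objects(data):
    """Map object number -> (file offset, normalised dictionary, raw stream bytes or None).
    The xref table is ignored on purpose: malicious files often ship a broken or stale one."""
    objects = {}
    for m in OBJ_RE.finditer(data):
        num, body = int(m.group(1)), m.group(3)
        sm = re.search(rb"stream\r?\n", body)
        head = normalize_names(body[:sm.start()] if sm else body)
        stream = None
        if sm:
            ln = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", head)  # direct /Length only
            if ln:
                stream = body[sm.end():sm.end() + int(ln.group(1))]
            else:  # no usable /Length: fall back to the endstream marker
                em = re.search(rb"\r?\nendstream", body[sm.end():])
                stream = body[sm.end():sm.end() + em.start()] if em else body[sm.end():]
        objects[num] = (m.start(), head, stream)
    return objects

def decode_stream(head, stream):
    """Inflate FlateDecode streams (other filters are returned raw); a cut-off tail still yields data."""
    return zlib.decompressobj().decompress(stream) if b"/FlateDecode" in head else stream

def read_literal(buf, start):
    """Contents of the PDF literal string opening at buf[start] == b'(': nested parentheses
    and backslash escapes are handled, octal escapes are not expanded."""
    esc = {b"n": b"\n", b"r": b"\r", b"t": b"\t"}
    depth, i, out = 0, start, bytearray()
    while i < len(buf):
        c = buf[i:i + 1]
        if c == b"\\":
            out += esc.get(buf[i + 1:i + 2], buf[i + 1:i + 2])
            i += 2
            continue
        depth += (c == b"(") - (c == b")")
        if depth == 0:
            break
        if not (c == b"(" and depth == 1):  # drop only the opening parenthesis
            out += c
        i += 1
    return bytes(out)

JS_REF_RE = re.compile(rb"/JS\s*(\d+)\s+\d+\s+R")
JS_LIT_RE = re.compile(rb"/JS\s*\(")

def carve_javascript(data):
    """One artifact per /JS entry; indirect references are resolved to their stream object."""
    objects = parse_objects(data)
    found = []
    for num, (offset, head, _) in sorted(objects.items()):
        ref, lit = JS_REF_RE.search(head), JS_LIT_RE.search(head)
        if ref and objects.get(int(ref.group(1)), (0, b"", None))[2] is not None:
            src = int(ref.group(1))
            src_off, src_head, src_stream = objects[src]
            js, kind = decode_stream(src_head, src_stream), "pdf-javascript-stream"
        elif lit:
            src, src_off = num, offset
            js, kind = read_literal(head, lit.end() - 1), "pdf-javascript-string"
        else:
            continue
        found.append({"filename": f"javascript_obj{src:04d}.js", "kind": kind, "object": src,
                      "offset": src_off, "source": f"PDF /JS object {src} at offset 0x{src_off:X}",
                      "size": len(js), "sha256": hashlib.sha256(js).hexdigest(), "code": js})
    return found

if __name__ == "__main__":
    pdf = build_sample_pdf()
    print("indicators:", count_indicators(pdf))
    for art in carve_javascript(pdf):
        print(art["filename"], art["source"], art["size"], "bytes", art["sha256"])
```

Two design points matter for real samples. The carver slices streams by the direct /Length value and only falls back to the `endstream` marker when that is absent, because compressed data can legitimately contain the marker bytes; and it resolves `#HH` escapes before matching names, since `/J#61vaScript` is a valid spelling that a plain string search for `/JavaScript` misses. Like the report's own heuristics, `count_indicators` only shows that the names are present; what the script does still has to be read or run in a sandbox.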