Verdict: MALICIOUS
Risk Score: 114
Malware Insights
MITRE ATT&CK
- T1059.007 JavaScript
- T1203 Exploitation for Client Execution
- T1566.001 Spearphishing Attachment
The critical ClamAV detection and high ML score indicate malicious intent. The embedded JavaScript, identified by PDF_JAVASCRIPT and PDF_JS heuristics, is the primary mechanism for exploitation. This script likely acts as a downloader for further malicious content, aligning with the 'Pdf.Dropper.Agent-7225171-0' classification. The document's purpose is to exploit a client execution vulnerability via a spearphishing attachment.
Machine Learning
- Nyx PDF Classifier malicious score 0.9987
Heuristics 4
- ClamAV: Pdf.Dropper.Agent-7225171-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Dropper.Agent-7225171-0
- JavaScript action (low, PDF_JAVASCRIPT): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Optional Content Group with action trigger (low, PDF_OPTIONAL_CONTENT): Optional Content Group (layer) co-occurs with an action trigger — content can be selectively hidden from viewers or scanners while the action still fires on open
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0024_000.js 64d6a217bd0a4a00d9c9e86b6f5b4d8ffb89fa3b9626b9d5f2863a65c5b91231 | pdf-javascript-stream | PDF /JS object 24 at offset 0x41BB | 21376 bytes |
| stream_007_off000041bb.bin 5b059b9e3ceb343555487374c4b280c051cdb4f68f6a162a29b534c22f3ccc38 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x41BB | 10687 bytes |