Pdf.Dropper.Agent-7227267-0 — PDF malware analysis

Static analysis result for SHA-256 0b35e9357ea1f018…

MALICIOUS

PDF

22.3 KB
MD5: dd6af48a891a5e1713eabd7ea4a75ae8
SHA-1: 6e8c1ce4f3d792e5559fd0a2b0dfc757ebd9f319
SHA-256: 0b35e9357ea1f018bd718a29ce2bf0fb715a9c69d3e0151a3504c63c03eb5873
106 Risk Score

Malware Insights

Pdf.Dropper.Agent-7227267-0 · confidence 95%

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF contains embedded JavaScript, indicating an attempt to execute malicious code upon opening. The ML classifier and ClamAV detection strongly suggest this is a dropper, likely intended to download and execute a second-stage payload. The presence of JavaScript points to T1059.007, and the overall dropper functionality aligns with exploitation for client execution (T1203). Given it's a PDF, spearphishing attachment (T1566.001) is the most probable initial access vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7227267-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7227267-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.