PDF malware analysis — malicious · 0b95b66a30c7230d

MALICIOUS

PDF

10.4 KB

MD5: 0329470e7048423247b99062da930146 SHA-1: 2396b592ae1a3cdcb8511b8637cb9635536d33e8 SHA-256: 0b95b66a30c7230d82e793db5b3dc395e8621e7953f2a474ce18ab0715d7bc21

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics and identified by ClamAV as Pdf.Dropper.Agent-7227491-0. The JavaScript is heavily obfuscated but its presence and the ML classifier's high confidence indicate it is designed to download and execute a secondary payload. This is a common technique for delivering malware via malicious documents.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7227491-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7227491-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0044_000.js` `d7f50b6f6da4fbdfa06c24c148a1074c927bda94fb53f2d4159a0fea33acad1b`	pdf-javascript-stream	PDF /JS object 44 at offset 0x14C	27270 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.