Pdf.Dropper.Agent-7227756-0 PDF malware analysis — malicious · 0c152342c80a8adc

MALICIOUS

PDF

37.3 KB Created: 2010-02-25 01:52:28 +03:00 Authoring application: TCPDF (via TCPDF 4.8.032 (http://www.tcpdf.org))

MD5: 3c83af7c4af23c9a5e42c1fb62a8ab61 SHA-1: 5caae0dbc0c0917267fae5d71389ddfd3b4c5c72 SHA-256: 0c152342c80a8adc0eb38e0dd83ba595ea497335265263295ee586fd2219f6f8

114 Risk Score

Malware Insights

Pdf.Dropper.Agent-7227756-0 · confidence 95%

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

The file was detected by ClamAV as Pdf.Dropper.Agent-7227756-0 and flagged by an ML classifier as malicious. Embedded JavaScript, identified by multiple heuristics, is present and likely responsible for downloading and executing a secondary payload, a common dropper behavior. The presence of JavaScript actions and streams strongly suggests this malicious functionality.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 4

ClamAV: Pdf.Dropper.Agent-7227756-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7227756-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Optional Content Group with action trigger low PDF_OPTIONAL_CONTENT

Optional Content Group (layer) co-occurs with an action trigger — content can be selectively hidden from viewers or scanners while the action still fires on open

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `df0a36f4d73b2812e57dec209d69f899953c5155ec2e2e05746918dd7bece42e`	pdf-javascript-stream	PDF /JS object 10 at offset 0x70A2	8124 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.