Pdf.Dropper.Agent-7228317-0 — PDF malware analysis

Static analysis result for SHA-256 0d6d126d5c5885d2…

MALICIOUS

PDF

27.6 KB
MD5: 66ac7f4298aa0ab555cd65256d29ad04
SHA-1: 3f1c401ca626b09c054601dd9eda5b34b079b0a1
SHA-256: 0d6d126d5c5885d2ecf800d9a6cd9929e8f8cbe08355a9e78127c9a17251dd4a
Risk Score: 106

Malware Insights

Pdf.Dropper.Agent-7228317-0 · confidence 99%

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

This PDF was flagged by multiple heuristics, including a high-confidence ML classifier and a ClamAV detection, indicating malicious intent. The presence of embedded JavaScript actions and streams strongly suggests that the PDF is designed to execute code, likely to download and run a second-stage payload. The overall behavior points to dropper functionality, commonly delivered via spearphishing attachments.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7228317-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7228317-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.