PDF malware analysis — malicious · 148c60faf9101013

MALICIOUS

PDF

4.0 KB Created: 2010-10-15 14:23:58 Authoring application: yen vaw

MD5: 8f0cb5ef6fe99c72a526b3ba8f88f0de SHA-1: 21a63e8e6170f2623be832d7e05b432316ebeef9 SHA-256: 148c60faf91010130627460582fbd344e53d62e386825987e6d978c0ae759538

100 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The PDF contains embedded files and is flagged by multiple heuristics, including ClamAV detection as Pdf.Dropper.Agent-7231915-0, indicating it is a dropper. The ML classifier also strongly suggests maliciousness. The embedded files are likely the second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9641

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7231915-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7231915-0
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://ns.adobe.com/xdp/
- http://www.xfa.org/schema/xci/1.0/
- http://ns.adobe.com/xtd/

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`embedded_file_obj0002.bin` `d81baa73e490e4cb879e13927cacd1dd1be37524a37eac51603e15117c578777`	pdf-embedded-file	PDF EmbeddedFile object 2 at offset 0xD91	84 bytes
`embedded_file_obj0008.bin` `24c130f03a4cf51d470b536e94c1e58af67665739e200e0ce198ad41086243c0`	pdf-embedded-file	PDF EmbeddedFile object 8 at offset 0xE42	228 bytes
`embedded_file_obj0019.bin` `c97e0522381d6196cc0695f35f4d065f15c9c86a9601a7f776c6afd3f4c6b460`	pdf-embedded-file	PDF EmbeddedFile object 19 at offset 0xF33	199 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.