PDF malware analysis — malicious · 186f446009885edb

MALICIOUS

PDF

17.4 KB Authoring application: qejefetijesi

MD5: 53ebb899550048b0d8be56b6360aa286 SHA-1: bf16f2be5bf6df4eaf59d68951d9d812a559bce2 SHA-256: 186f446009885edbfae26691ee68f691e1dcbb67af2973f38003c1e17f381759

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, identified by multiple heuristics and ClamAV detection as malicious. The JavaScript is heavily obfuscated but appears to be designed to download and execute a secondary payload, indicated by the 'Pdf.Dropper.Agent-7234003-0' ClamAV signature. The ML classifier also strongly flags this PDF as malicious.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7234003-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7234003-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0024_000.js` `bee1dcf48230ffdde955fe21629b4f93f8e549a65a5ce44491069f4af45c9673`	pdf-javascript-stream	PDF /JS object 24 at offset 0x3BA4	36268 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.