PDF malware analysis — malicious · 1d214aeb2bf38174

MALICIOUS

PDF

7.5 KB

MD5: d5ec683d6c0b837722f562801cb868f6 SHA-1: 1d57a940458f4671eab6aa2b6274a50d19c4aab6 SHA-256: 1d214aeb2bf38174ba3ad7d1c618f4329b022eef6ae87f2666be7f17d5515968

134 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript T1566.002 Spearphishing Attachment

The sample is a PDF file flagged by ClamAV as Pdf.Dropper.Agent-7236319-0. Static analysis detected embedded JavaScript and the use of PDF filters (ASCIIHexDecode, ASCII85Decode) often associated with exploit delivery. The ML classifier also strongly indicated maliciousness. The presence of JavaScript suggests the document is designed to download and execute a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

ClamAV: Pdf.Dropper.Agent-7236319-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7236319-0
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.