Malicious PDF — malware analysis report

Static analysis result for SHA-256 1fe9246c57175bc8…

MALICIOUS

PDF

10.2 KB
MD5: e9a5ad1b0172cc3b0175f2afb7d82cb9 SHA-1: 65a2e5a81381afa2bd463096d57ccaa006a8633a SHA-256: 1fe9246c57175bc8295b4df54bc31c329a6b6f96b111579a360da318533a2c59
110 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The file is identified as a malicious PDF by ClamAV and an ML classifier. Embedded JavaScript, detected via heuristics, is likely responsible for downloading and executing a second-stage payload. The specific JavaScript content was too large to include here, but its presence strongly indicates a dropper or downloader functionality.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 4

  • ClamAV: Pdf.Dropper.Agent-7237605-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7237605-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSEOF. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0069_000.js
d22abe7314fcb35feeedb57c8829cbff80952354d9d4f5f76827e53d2f177c57		 pdf-javascript-stream PDF /JS object 69 at offset 0x1BE 25518 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.