Malicious PDF — malware analysis report

Static analysis result for SHA-256 218fd421b6f9bb54…

MALICIOUS

PDF

Size: 59.1 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: lice (via ubst)
MD5: b2a595cf90beadbc745f1ea3c0d61f00
SHA-1: 204be783fddeb64c57dca2eaf04867af298c3e1f
SHA-256: 218fd421b6f9bb5439b335af5db2fa37cf711f919a24f68ae73616edea1b332c
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The file is a PDF document identified as malicious by ClamAV with the signature 'Pdf.Exploit.Dropped-94'. Static analysis detected embedded JavaScript, indicating an attempt to exploit PDF vulnerabilities. The ML classifier also flagged the file with high confidence. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, which is a common attack pattern for this type of malicious document.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: 5fcb61484b25dbf8c92ec67c63dfab20197070be79b0f270683889719fafc15d
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x955
Size: 50598 bytes