MALICIOUS
Risk Score: 100
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
This PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically identified as a dropper. It contains embedded PDF files, suggesting a multi-stage attack where the initial PDF serves as a container for further malicious content. The presence of embedded files and the 'Pdf.Dropper.Agent-7239486-0' detection strongly indicate its role in delivering other malware.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 3
- ClamAV: Pdf.Dropper.Agent-7239486-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Dropper.Agent-7239486-0
- Embedded file (low, PDF_EMBEDDED): PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
- Remote GoTo action (info, PDF_GOTO_REMOTE): PDF has GoToR/GoToE actions that reference sibling document files — typical of multi-part document bundles
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| magellanic_venus_657.pdf `48bb87feca1efede6a3e8399a9ff2fb1de82ff7c00d6917450063beede0f87e4` | pdf-embedded-file | PDF EmbeddedFile object 7 at offset 0x36A | 5098 bytes |
| magellanic_venus_657_1.pdf `b2095ab7e3910032302050b3dc9ca71d0d408905c1b309d179ede898f3eb54db` | pdf-embedded-file | PDF EmbeddedFile object 7 at offset 0x36A | 5758 bytes |
| magellanic_venus_657_2.pdf `b6b4154fc08ad89224509979da2deaa470a3ee03869ec84c79a821070f9807be` | pdf-embedded-file | PDF EmbeddedFile object 7 at offset 0x36A | 6422 bytes |
| magellanic_venus_657_3.pdf `6a76a4b392510a6ae29898830899433579645a334b086f6c02d62bad049a4026` | pdf-embedded-file | PDF EmbeddedFile object 7 at offset 0x36A | 7087 bytes |