Malicious PDF — malware analysis report

Static analysis result for SHA-256 25db9f0ad61a683f…

Verdict: MALICIOUS
File type: PDF
Size: 11.5 KB
MD5: 965a29623fa44737847170641d4cef5f
SHA-1: 8d0d6e6e88480a29ebd8a39a3ab841d964d25fbe
SHA-256: 25db9f0ad61a683f54477d89c82cc2be9b3999c88c55642bcd9aa3da479beb34
Risk score: 78

Malware Insights

MITRE ATT&CK: T1059.001 (PowerShell)

The PDF file was detected by ClamAV as Pdf.Dropper.Agent-9448231-0, indicating it is a dropper. Heuristics indicate the presence of embedded JavaScript, which is commonly used by such droppers to download and execute further malicious content. The obfuscated nature of the document body prevents a more specific analysis of the lure, but the presence of JavaScript strongly suggests a payload delivery mechanism.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-9448231-0 [severity: critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9448231-0
  • JavaScript action [severity: low] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF differential parser failed [severity: info] PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSEOF. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0045_000.js
SHA-256: 5823e2118a6a90ae1f8a5b00bbdd5812e889171a8a744088acd6ef8528ccb55c
Kind: pdf-javascript-stream
Source: PDF /JS object 45 at offset 0x193
Size: 28051 bytes