PDF malware analysis — malicious · 26cd71b9562f5a29

MALICIOUS

PDF

47.2 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)

MD5: 01e4f504d3a9be6715e0552ae16d9709 SHA-1: 9ed07b5969eaf41dad1a23792bec4129fb832afa SHA-256: 26cd71b9562f5a294ce223fdb9b7d9f11c55168d5485bd63ae6d801150b75834

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF containing embedded JavaScript, flagged by multiple heuristics and a machine learning classifier as malicious. ClamAV identifies it as Pdf.Exploit.Dropped-94, indicating it's a known exploit dropper. The embedded JavaScript, which is substantial in size, is the likely mechanism for delivering the exploit and subsequent payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `bce8de22ff79ed6eb76f6f95af561b273bf8a6f69c0767b6d912d8a4a4d5e43f`	pdf-javascript-stream	PDF /JS object 76 at offset 0x99C	45555 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.