Malicious PDF — malware analysis report

Static analysis result for SHA-256 2812e40159f99074…

Verdict: MALICIOUS
File type: PDF
Size: 15.2 KB
Created: 2010-03-19 20:57:57
Authoring application: Mecitaneueq
MD5: b29502da54140008dec45fe4c5250d71
SHA-1: 56601a9608b747ec650848b16e8789e8c69a0edf
SHA-256: 2812e40159f9907495ba19292f851300d6596f5bf2b9417260b6e27d1a6b8893
Risk score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The file is a PDF containing embedded JavaScript, as indicated by multiple heuristic firings. The ClamAV detection 'Pdf.Dropper.Agent-7241796-0' strongly suggests its purpose is to drop and execute malicious content. The embedded JavaScript stream, though large, is the likely mechanism for this execution, potentially leading to further stages of infection.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7241796-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7241796-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0020_000.js
    SHA-256: 7466db5aa9586245f01263a7d3225aeb0691c0484adc9f66313fdad773b49e7c
    Kind: pdf-javascript-stream
    Source: PDF /JS object 20 at offset 0x26B9
    Size: 2541878 bytes