PDF malware analysis — malicious · 2d6c99f4f4478169

MALICIOUS

PDF

8.0 KB

MD5: c2c1aee73807d041bda45ad8113e17b2 SHA-1: ca890b4ad9a8d6dda345fdb367ffd9034e6687ab SHA-256: 2d6c99f4f4478169964d59c7482e1d326fff73ad96db248b6459e72eedcf7caf

146 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution: Malicious File

The PDF contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT and PDF_JS. The presence of a high-confidence eval() call and a strong ML classifier score further support its malicious nature. ClamAV detection as Pdf.Dropper.Agent-7244127-0 suggests it acts as a dropper, likely executing the embedded JavaScript to download and run a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ClamAV: Pdf.Dropper.Agent-7244127-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7244127-0
eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.