Malicious PDF — malware analysis report

Static analysis result for SHA-256 30de3ee82b28360e…

Verdict: MALICIOUS
File type: PDF
Size: 5.9 KB
MD5: bfed725bad3ff5587d4b668361e58547
SHA-1: d6a604d0bcd2ca426a18c07b86cf2eb73a6c6df4
SHA-256: 30de3ee82b28360e3d862be3dd7c595e280d202eb8fbaf5dc7e2e039b0f48e97
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The PDF was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Dropper.Agent-7245911-0'. An embedded JavaScript stream was also identified, indicating the likely execution of malicious code. The ML classifier strongly supports the malicious verdict. The primary function appears to be dropping a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7245911-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7245911-0
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0012_000.js
SHA-256: 61b46047f90b888a00e497def64b956f6da2cb6e69e8905a21e0ba446aa10cd0
Kind: pdf-javascript-stream
Source: PDF /JS object 12 at offset 0x1518
Size: 93 bytes