PDF malware analysis — malicious · 30e4069dee0b8055

MALICIOUS

PDF

14.5 KB Created: 2009-11-15 19:41:70 Authoring application: PDF Library 4.3.9 (via PDF Library 3.9.7)

MD5: dfe9fd9c9a89bc723353603b0e32e2ed SHA-1: 9a8eb87ade0c008a8363256c8a761fb15e61d2e3 SHA-256: 30e4069dee0b8055c82973c205fff969f3c1b245051b79398dff84d6487a92c7

166 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The file is identified as a malicious PDF by multiple engines, including ClamAV which detected it as Win.Trojan.Agent-36166. Static analysis revealed embedded JavaScript, indicating an attempt to exploit PDF vulnerabilities. The ML classifier also strongly flagged this PDF as malicious. The embedded JavaScript file, 'javascript_obj0007_000.js', is the primary indicator of malicious activity, likely serving as a downloader or dropper for further malicious payloads.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Win.Trojan.Agent-36166 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Agent-36166
JavaScript action low 1 related finding PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `7dc5c922dfce0843670642490906abb564bcd858c73dd59d7d98d328e71baa86`	pdf-javascript-stream	PDF /JS object 7 at offset 0x1A5	75159 bytes
Detection ClamAV: Win.Trojan.Agent-36166 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.