Pdf.Dropper.Agent-7248796-0 — PDF malware analysis

Static analysis result for SHA-256 368ca24dcf354647…

MALICIOUS

PDF

9.3 KB
MD5: 774dc245755ad3af21f5cb9d6a85a5df
SHA-1: f19aaadeaee4e4326e410514e6524820a2511b9f
SHA-256: 368ca24dcf354647565ee214b2dc00c94e1cfb0e360238339487a65512fba61f
76 Risk Score

Malware Insights

Pdf.Dropper.Agent-7248796-0 · confidence 95%

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection further confirms its malicious nature, identifying it as Pdf.Dropper.Agent-7248796-0. The embedded JavaScript is the primary mechanism for executing malicious actions, such as downloading and running additional malware. The lack of readable document body text means the rationale is based solely on the technical indicators.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7248796-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7248796-0
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0069_000.js (8af053b6a606370b6ff4a97fdc3103a9b8b837c6b8e5b809be09151c1376f402) | pdf-javascript-stream | PDF /JS object 69 at offset 0x1BE | 17968 bytes