Malicious PDF — malware analysis report

Static analysis result for SHA-256 39516d76c2f59c83…

MALICIOUS

PDF

Size: 47.2 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)
MD5: c08740b820ae12e97a0ad229a31a7e32
SHA-1: 1a7a8017e825b21ba57bd5b3b179a71bb1144fb7
SHA-256: 39516d76c2f59c83a2a0396a834ec981f29f719be65f9c818c105b6239b24f93
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 JavaScript

The file was detected by ClamAV as Pdf.Exploit.Dropped-94 and flagged by an ML classifier with high confidence. It contains embedded JavaScript, indicating an attempt to execute malicious code upon opening. The document body appears to be malformed or obfuscated, further suggesting malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0076_000.js
    Hash: 91e2b19b5ee51fb74ed4bac3f487628e8e5be13db731a32357a538e0eeeb9f13
    Kind: pdf-javascript-stream
    Source: PDF /JS object 76 at offset 0x99C
    Size: 45555 bytes