PDF malware analysis — malicious · 3d52e8a629655afc

MALICIOUS

PDF

30.7 KB Created: 2008-11-27 10:13:45 Authoring application: PScript5.dll Version 5.2.2 (via GPL Ghostscript 8.15)

MD5: 8ccc6cc514bd3a50a33fca72569b36f6 SHA-1: 3f707d6dc410dc00971191de2f612996f99c12e3 SHA-256: 3d52e8a629655afc766af977f9eec234bd5bdde9a6072a35ba4c4c2893d6a7d9

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The PDF was identified as malicious by ClamAV with the signature Pdf.Dropper.Agent-6299243-0. Static analysis indicates it's an image-only lure, a common technique to bypass basic content inspection and trick users. No specific delivery mechanism or payload could be determined from the available evidence.

Heuristics 2

ClamAV: Pdf.Dropper.Agent-6299243-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-6299243-0
PDF paints image(s) but contains no text operators info PDF_IMAGE_ONLY_LURE

PDF has 1 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`stream_002_off000049a6.bin` `a88a872c28d831a3e607cc2f6fe087e765b9b74ceb697fa9b63fc35ea88b6012`	decompressed-pdf-stream	PDF FlateDecoded stream at offset 0x49A6	25900 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.