Pdf.Dropper.Agent-1828697 — PDF malware analysis

Static analysis result for SHA-256 3e2498f9fee85efd…

MALICIOUS

PDF

9.3 KB
MD5: 530fdddcdbecee27152fa946529c874d
SHA-1: 08b5ad1766d8b281844d19e7f6607fb0c0461efc
SHA-256: 3e2498f9fee85efd12292974ec6bf9af847f5545d944e7526bb70f9903363acb
Risk Score: 76

Malware Insights

Pdf.Dropper.Agent-1828697 · confidence 95%

MITRE ATT&CK
T1059.001 JavaScript/JScript

The critical ClamAV heuristic identified the file as Pdf.Dropper.Agent-1828697. Low-severity heuristics indicate the presence of embedded JavaScript within the PDF structure. The embedded JavaScript stream is the likely mechanism for executing the malicious payload, consistent with a dropper's function.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-1828697 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-1828697
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0069_000.js
    e603ca03ec40db7910c20a44f98862f457aab37b456bfaeae5c630a8afc96481
    Kind: pdf-javascript-stream
    Source: PDF /JS object 69 at offset 0x1BE
    Size: 16645 bytes