Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f4541fd800b71b1…

MALICIOUS

PDF

1.1 KB
MD5: 9d9d45a925cec55f0b7456cf82c30f08
SHA-1: e8246985f0d58aef7905f6de5a0592be256795c5
SHA-256: 3f4541fd800b71b1cfc25b665174e8ba7f1ef2c467e124252fea408598d89a65
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

This PDF document uses a social engineering lure, claiming the user's Adobe Flash Player is outdated, to prompt a download. The embedded JavaScript actions and streams are indicative of malicious intent, likely to execute further stages of an attack. The primary IOC is the URL provided for the download, which is intended to deliver a malicious payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7253226-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7253226-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://drive.google.com/uc?export=download&id=0B70ITLgO5DnyUzQ3WWZiQVlzTms

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Columns: Filename, Kind, Source, Size

  • javascript_obj0007_000.js
    SHA-256: 6694433a134992c870e3aa70f0708a93709085081968d618cb9f63cfaa2b1a84
    Kind: pdf-javascript-stream
    Source: PDF /JS object 7 at offset 0x2EE
    Size: 98 bytes
  • javascript_obj0007_001.js
    SHA-256: 24c8054ffc6e1fce69a43818caeadeb29e445252ca2f47cd442ef778a338cf42
    Kind: pdf-javascript-stream
    Source: PDF /JS object 7 at offset 0x2EE
    Size: 96 bytes