Malicious PDF — malware analysis report

Static analysis result for SHA-256 42bdda457b998607…

MALICIOUS

PDF

11.9 KB
MD5: 987832e403a40f4b6269201b5b621998 SHA-1: 0a044a9b4b7023139b679300c93800ce5d63e4af SHA-256: 42bdda457b9986076c507cf8c6c27e1f2a3f4690d79083e11048ed3bcffde6a7
106 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains embedded JavaScript, which is a common technique for delivering malicious payloads. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded JavaScript is likely responsible for downloading and executing a secondary payload, as suggested by the 'Dropper' classification.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7254864-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7254864-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
7076059dc8c2b4582b4a7d867cb2c167c9ebacdda560a1f39b7a9d98b188dbac		 pdf-javascript-stream PDF /JS object 76 at offset 0x2D4 11287 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.