PDF malware analysis — malicious · 44fb1e33af7db797

MALICIOUS

PDF

47.5 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)

MD5: 9a3a98ccd673806e522d487c47137239 SHA-1: a40630e6215c59f8ecaf5f856390ed7a86287dfc SHA-256: 44fb1e33af7db7975331178dd78d919d7b19fb6406901cdb11599265eff66f77

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

This PDF was flagged as malicious by multiple engines, including ClamAV which identified it as Pdf.Exploit.Dropped-94. The presence of embedded JavaScript, detected by PDF_JAVASCRIPT and PDF_JS heuristics, indicates an attempt to execute malicious code. The ML classifier also strongly indicated maliciousness. The large embedded JavaScript stream suggests it is likely used to download and execute a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `d9b495898b20cdac0535d51a83197d3ce978d255a4ec3e28e9ef16e7fa8c3325`	pdf-javascript-stream	PDF /JS object 76 at offset 0x999	45932 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.