PDF malware analysis — malicious · 4a009fc0eacab39b

MALICIOUS

PDF

59.0 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via ubst)

MD5: dea584191efe60a3f8411c5d147d3748 SHA-1: 55c20360407630f72538d0f577cf56082173f304 SHA-256: 4a009fc0eacab39bc93f45847c33d849be2b22abb48c6bc29f6fe70462022090

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF document identified as malicious by ClamAV (Pdf.Exploit.Dropped-94) and a machine learning classifier. Heuristics indicate the presence of JavaScript actions and embedded JS streams, suggesting the PDF is designed to exploit vulnerabilities and execute code. The large embedded JavaScript object further supports this, likely serving as a downloader for a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `30bc8773be199f789eaee51185d3c83ed3038fb950231ce5a08806bb3affcdbd`	pdf-javascript-stream	PDF /JS object 76 at offset 0x99A	50403 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.