Pdf.Dropper.Agent-7212580-0 PDF malware analysis — malicious · 4fca0349edbc98c9

MALICIOUS

PDF

10.4 KB Authoring application: null

MD5: 9bbc706053d2eb372264c20ff7a00629 SHA-1: b4f13bf5f4174fd7a7c2a52b21309da8da0b33ce SHA-256: 4fca0349edbc98c9c9f06909267adb20c2ea3171d13f07034151608065c05c0c

116 Risk Score

Malware Insights

Pdf.Dropper.Agent-7212580-0 · confidence 95%

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

The PDF contains embedded JavaScript, which is a common technique for executing malicious code within documents. The document body mimics a sales confirmation, likely to trick the user into clicking a link or downloading an attachment. The ClamAV detection and ML classifier strongly indicate malicious intent, consistent with a dropper agent.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 5

ClamAV: Pdf.Dropper.Agent-7212580-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7212580-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://customers.pgp.com/download/lookup?oid=1248198-0f2b1e4cb5db36f055803cb40f5735fe
- https://support.pgp.com

Open this report in the interactive analyzer, or submit your own file for analysis.