Malicious PDF — malware analysis report

Static analysis result for SHA-256 566d875b4d64bb57…

Verdict: MALICIOUS
File type: PDF

Size: 47.7 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via ubst)
MD5: 00f7a3c8f4e9effc1b7bc7f0ad08740e
SHA-1: d9986566c12f011586d8b62ea44806cdf79f08b6
SHA-256: 566d875b4d64bb579d50e62a6ba7fe2d99d7594a3a0d0993bd2fc093d32c8146
Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

ClamAV flagged the PDF as 'Pdf.Exploit.Dropped-94' and the machine-learning classifier assigned it a maliciousness score of 1.0. The heuristics confirm embedded JavaScript (a /JavaScript action and a /JS stream), which malicious PDFs commonly use to trigger reader vulnerabilities or to fetch further malware. The carved /JS stream is large (46,116 bytes), which points to more than form logic and most likely to exploit staging and payload delivery. Because this is a static result, that behaviour is inferred from the presence and size of the script rather than observed; the carved script should be deobfuscated and reviewed to confirm it, and the T1059.001 PowerShell mapping in particular is not evidenced by any of the listed heuristics.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256:  a7c4d5f0d02c45a58c7576400aed5a0fe53816af9d9d7f3f1f921ae36713a7c3
Kind:     pdf-javascript-stream
Source:   PDF /JS object 76 at offset 0x99A
Size:     46116 bytes
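The two low-severity heuristics above fire on the mere presence of a /JavaScript action and a /JS reference, and the artifact was carved by object number and byte offset rather than through the PDF's cross-reference table. The Python below is an added example, not the scanner's own code: it works on raw PDF bytes the same way, raises the same two flags, carves the /JS body whether it is a FlateDecode stream object or an inline literal string, and records object number, offset, size and SHA-256 in the report's format. The sample PDF it builds is constructed for the example; the SUSPICIOUS_APIS list and the PDF_JS_SUSPICIOUS_API rule name stand in for the "separate rules" the report mentions and are assumptions, not the scanner's rule set.

```python
import bisect
import hashlib
import re
import zlib

# Assumed stand-in for the report's "separate rules": Acrobat JS APIs that rarely
# appear in benign forms. Not the scanner's real list.
SUSPICIOUS_APIS = [b"util.printf", b"app.launchURL", b"exportDataObject",
                   b"submitForm", b"Collab.collectEmailInfo", b"unescape("]

OBJ_HDR_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b")   # e.g. "76 0 obj"
STREAM_KW_RE = re.compile(rb"\bstream\r?\n")                     # not "endstream"


def build_sample_pdf(js_source: bytes) -> bytes:
    """Constructed sample, not the analysed file: a minimal PDF whose /OpenAction is
    a /JavaScript action with /JS pointing at a FlateDecode stream object. No xref
    table is written; the carver below works on raw bytes and offsets anyway."""
    body = zlib.compress(js_source)
    objs = [
        b"<< /Type /Catalog /OpenAction 2 0 R >>",
        b"<< /Type /Action /S /JavaScript /JS 3 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n%s\nendstream" % (len(body), body),
    ]
    out = bytearray(b"%PDF-1.4\n")
    for num, obj in enumerate(objs, start=1):
        out += b"%d 0 obj\n%s\nendobj\n" % (num, obj)
    return bytes(out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


def _object_stream(data: bytes, hdr_end: int):
    """(raw stream bytes, dictionary bytes) for the object whose header ends at
    hdr_end; raw is None when the object carries no stream."""
    end = data.find(b"endobj", hdr_end)
    end = len(data) if end < 0 else end
    sm = STREAM_KW_RE.search(data, hdr_end, end)
    if sm is None:
        return None, data[hdr_end:end]
    dict_bytes = data[hdr_end:sm.start()]
    lm = re.search(rb"/Length\s+(\d+)\b", dict_bytes)      # direct /Length only
    stop = sm.end() + int(lm.group(1)) if lm else max(data.find(b"endstream", sm.end()), sm.end())
    return data[sm.end():stop], dict_bytes


def _literal_string(data: bytes, start: int) -> bytes:
    """Read the PDF literal string whose '(' is at data[start], following nested
    balanced parentheses; backslash escapes are kept undecoded."""
    depth, i, out = 0, start, bytearray()
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":                       # escape: keep both bytes verbatim
            out += data[i:i + 2]
            i += 2
            continue
        depth += (c == b"(") - (c == b")")
        if depth == 0:
            break
        if i > start:                        # skip the opening parenthesis itself
            out += c
        i += 1
    return bytes(out)


def _artifact(num: int, offset: int, content: bytes) -> dict:
    return {
        "filename": f"javascript_obj{num:04d}_000.js",
        "source": f"PDF /JS object {num} at offset 0x{offset:X}",
        "size": len(content),
        "sha256": hashlib.sha256(content).hexdigest(),
        "content": content,
    }


def scan_pdf(data: bytes) -> dict:
    """Raise the report's heuristic flags and carve every JavaScript body found."""
    flags = []
    if re.search(rb"/S\s*/JavaScript\b", data):
        flags.append("PDF_JAVASCRIPT")       # a /JavaScript action is declared
    if re.search(rb"/JS\b", data):
        flags.append("PDF_JS")               # something carries script source
    headers = [(h.start(), h.end(), int(h.group(1))) for h in OBJ_HDR_RE.finditer(data)]
    artifacts = []
    # Form 1: "/JS n 0 R" points at an object whose stream holds the script.
    js_refs = {int(m.group(1)) for m in re.finditer(rb"/JS\s+(\d+)\s+\d+\s+R", data)}
    for start, end, num in headers:
        if num not in js_refs:
            continue
        raw, dict_bytes = _object_stream(data, end)
        if raw is None:
            continue
        if re.search(rb"/Filter\s*/FlateDecode\b", dict_bytes):
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                pass                         # keep encoded bytes rather than drop them
        artifacts.append(_artifact(num, start, raw))
    # Form 2: "/JS (...)" carries the script inline as a literal string.
    starts = [h[0] for h in headers]
    for lm in re.finditer(rb"/JS\s*\(", data):
        idx = bisect.bisect_right(starts, lm.start()) - 1
        off, num = (headers[idx][0], headers[idx][2]) if idx >= 0 else (lm.start(), 0)
        artifacts.append(_artifact(num, off, _literal_string(data, lm.end() - 1)))
    if any(api in a["content"] for a in artifacts for api in SUSPICIOUS_APIS):
        flags.append("PDF_JS_SUSPICIOUS_API")
    return {"flags": flags, "artifacts": artifacts}
```

Run it on a real file with `scan_pdf(open(path, "rb").read())` and hash-compare the carved body against the artifact table. The byte-level approach is deliberately blind to the cross-reference table, which is what lets it find objects in damaged or deliberately malformed files, but it also means a script hidden inside an object stream (/ObjStm) or behind a filter other than FlateDecode would be missed; for those cases a full object parser such as pdf-parser.py or peepdf is the right next step.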