Malicious PDF — malware analysis report

Static analysis result for SHA-256 57fde2528ebaf6bf…

Verdict: MALICIOUS

File type: PDF

Size: 47.7 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via subst)
MD5: caf7a07bc80d74fc16c28edcd052b5da
SHA-1: 0251e66685920bec17fdb750b0725de4e5a13409
SHA-256: 57fde2528ebaf6bfe3b57037000baf6b0706c40652721723a16700ecdd8d5e33
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious PDF by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Dropped-94' and a high ML classifier score. The presence of embedded JavaScript, indicated by PDF_JAVASCRIPT and PDF_JS firings, suggests an attempt to execute malicious code. While the specific exploit or payload is not detailed, the overall pattern points to a PDF designed to drop and execute further malware.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: cb347499ce61b2f217a0ba7a6869aff59032a02b9fc092c869407469391708b6
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x99B
Size: 46069 bytes