Malicious PDF — malware analysis report

Static analysis result for SHA-256 5866dfc5081bddf4…

MALICIOUS

PDF

47.3 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)
MD5: bafa104a9a27cef575da5c119e62d8ac SHA-1: 400106b1129ed4c58a6515580439605ca5af8632 SHA-256: 5866dfc5081bddf4346094bb67a882de78f9783786c81aee03cff01daa9727e7
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF file was flagged by ClamAV as 'Pdf.Exploit.Dropped-94' and a machine learning classifier assigned a high probability of maliciousness. Heuristics indicate the presence of embedded JavaScript, which is often used to exploit vulnerabilities and download further malicious content. The large size of the embedded JavaScript stream (45674 bytes) suggests complex or obfuscated code, likely for payload delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
c9a1ecbda2698e61e964d42851f18ad43e7b3a252be9b3537cc28e85cf88719b		 pdf-javascript-stream PDF /JS object 76 at offset 0x99C 45674 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.