PDF malware analysis — malicious · 59ad57d1bc571704

MALICIOUS

PDF

12.6 KB Created: 2010-03-17 13:16:23 Authoring application: Qihenekoqewimqifce

MD5: 9d20b826db697281d1ce37f76e4c70ba SHA-1: 6bdf6907555075137e14d05b863417e92fb219e8 SHA-256: 59ad57d1bc5717041b472c60d3a9a3a628a5260411a8c05abc27800b6082fd84

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Dropper.Agent-7055933-0'. The presence of embedded JavaScript, indicated by PDF_JAVASCRIPT and PDF_JS heuristics, suggests the document is designed to execute malicious code. The ML classifier also strongly indicated maliciousness. The exact function of the JavaScript is not fully discernible due to its size and potential obfuscation, but its presence is a strong indicator of a dropper or exploit delivery mechanism.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7055933-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7055933-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0020_000.js` `dfce10c25364df020b9e0e890640f0cc577a5cdd82ece8152cd56081a1f00c64`	pdf-javascript-stream	PDF /JS object 20 at offset 0x28C6	83028 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.