Pdf.Dropper.Agent-7264260-0 — PDF malware analysis

Static analysis result for SHA-256 5d18150a78e836b7…

MALICIOUS

PDF

5.7 KB
MD5: 7b5f60f77247d4e9c9f851f862436717
SHA-1: cf4fcf8f21cdc2bbed5ffc1e4b270dee10ee356c
SHA-256: 5d18150a78e836b77bc1b0b528de10d8ef396b4bfd2238b5097b18f760f5ae63
106 Risk Score

Malware Insights

Pdf.Dropper.Agent-7264260-0 · confidence 95%

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF contains embedded JavaScript, indicating an attempt to execute malicious code. The ML classifier and ClamAV detection strongly suggest this is a dropper, likely intended to download and execute a second-stage payload. The presence of JavaScript points to T1059.007, and the overall dropper functionality aligns with T1203. Given it's a PDF, T1566.001 is the likely initial access vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7264260-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7264260-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.