Malicious PDF — malware analysis report

Static analysis result for SHA-256 6252b3e941fd6831…

Verdict: MALICIOUS
File type: PDF
Size: 998 B
MD5: c719d36dc0d0cb4e023866e665fd8a87
SHA-1: 9c273e2ab2863be516e78ad0361ccd7f26fef70f
SHA-256: 6252b3e941fd68319e4932a57a567918c9a96931cf789a48aab88c9e0e6dad5b
Risk score: 106

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript

The PDF contains embedded JavaScript streams that do nothing more than raise alert boxes. The scripts themselves are benign, but a /JavaScript action is the usual vehicle for PDF-borne exploitation, and at 998 bytes the file carries nothing beyond those two short streams. Taken together with the ClamAV Pdf.Dropper signature and the 0.9999 classifier score, this points to a dropper or initial-stage stub rather than a legitimate form. Static analysis cannot show what the scripts do inside a reader, so the carved JavaScript below should be read directly before the verdict is relied on.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7358945-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7358945-0
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • javascript_obj0007_000.js
      SHA-256: c4f8daf948fbd78e84970d8ae199b74d92474f692f7da67092510ea4fea69fe4
      Kind:    pdf-javascript-stream
      Source:  PDF /JS object 7 at offset 0x26D
      Size:    91 bytes
  • javascript_obj0007_001.js
      SHA-256: 631c450b95892aea0299b12b1a98e67e04158050e09985985ca99cbecb611fe8
      Kind:    pdf-javascript-stream
      Source:  PDF /JS object 7 at offset 0x26D
      Size:    89 bytes
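As an added example (not the analysis tool's code), the Python script below reproduces the two steps that the heuristics list and the artifact table describe: it scans PDF object dictionaries for /JavaScript and /JS (plus /OpenAction and /AA, which I add because they make a script run without user interaction), carves the referenced /JS payload with FlateDecode handling, and records each carve with the same filename, SHA-256, kind, source and size fields. It runs on a constructed PDF built inline; the rule points, severities and dangerous-API list are my assumptions, and it does not reproduce the classifier or ClamAV.

```python
import hashlib
import re
import zlib

# Added example, not the analysis tool's code. Rule points, severities and the
# API list are assumptions; the sample PDF is constructed here, not the 998-byte file.

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")  # /JS 5 0 R   (indirect stream)
JS_LIT_RE = re.compile(rb"/JS\s*\(")               # /JS (...)    (inline literal string)

HEURISTICS = {  # rule id -> (pattern scanned over object dictionaries, severity, points)
    "PDF_JAVASCRIPT": (rb"/JavaScript\b", "low", 10),
    "PDF_JS": (rb"/JS\b", "low", 10),
    "PDF_OPENACTION": (rb"/OpenAction\b", "medium", 20),  # fires on open, no click needed
    "PDF_AA": (rb"/AA\b", "medium", 20),                  # additional-actions trigger dict
}
DANGEROUS_APIS = {  # Acrobat JavaScript calls that matter more than a bare app.alert
    b"app.alert": 0, b"util.printf": 30, b"unescape(": 30, b"eval(": 30,
    b"exportDataObject": 40, b"launchURL": 40,
}


def build_sample_pdf(js_source: str, compress: bool = True) -> bytes:
    """Constructed sample: /OpenAction -> /JavaScript action -> /JS stream (optionally FlateDecode)."""
    body = zlib.compress(js_source.encode()) if compress else js_source.encode()
    filt = b"/Filter /FlateDecode " if compress else b""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
        b"<< /S /JavaScript /JS 5 0 R >>",
        b"<< /Length %d %s>>\nstream\n" % (len(body), filt) + body + b"\nendstream",
    ]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, obj in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_at)
    return bytes(out)


def read_literal(buf: bytes, start: int) -> bytes:
    """Read the PDF literal string whose '(' is at buf[start]; honours nesting and backslash escapes."""
    esc = {b"n": b"\n", b"r": b"\r", b"t": b"\t"}
    depth, i, out = 0, start, bytearray()
    while i < len(buf):
        c = buf[i:i + 1]
        if c == b"\\":  # escaped byte is data, never a delimiter
            out += esc.get(buf[i + 1:i + 2], buf[i + 1:i + 2])
            i += 2
            continue
        if c == b"(":
            depth += 1
            if depth == 1:  # the string's own opening paren
                i += 1
                continue
        elif c == b")":
            depth -= 1
            if depth == 0:
                break
        out += c
        i += 1
    return bytes(out)


def decode_stream(body: bytes) -> bytes:
    """Decoded stream of an object body (FlateDecode only; other filters are left raw)."""
    m = STREAM_RE.search(body)
    if not m:
        return body.strip()
    raw = m.group(1)
    if b"/FlateDecode" in body[:m.start()]:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return raw  # corrupt or deliberately malformed: keep bytes for manual inspection
    return raw


def carve_js(header: bytes, objects: dict) -> list:
    """All /JS payloads referenced by one object dictionary, indirect references first."""
    payloads = []
    for m in JS_REF_RE.finditer(header):
        target = objects.get(int(m.group(1)))
        if target is not None:
            payloads.append(decode_stream(target[1]))
    for m in JS_LIT_RE.finditer(header):
        payloads.append(read_literal(header, m.end() - 1))
    return payloads


def analyse_pdf(data: bytes) -> dict:
    """Static triage: heuristic hits, carved JS artifacts (fields as in the report) and a score."""
    objects = {int(m.group(1)): (m.start(), m.group(2)) for m in OBJ_RE.finditer(data)}
    hits, carved, score = [], [], 0
    for num, (offset, body) in objects.items():
        sm = STREAM_RE.search(body)
        header = body[:sm.start()] if sm else body  # dictionary only; never match on stream bytes
        for rule, (pattern, severity, points) in HEURISTICS.items():
            if re.search(pattern, header):
                hits.append((rule, severity, num))
                score += points
        for idx, payload in enumerate(carve_js(header, objects)):
            carved.append({
                "filename": "javascript_obj%04d_%03d.js" % (num, idx),
                "sha256": hashlib.sha256(payload).hexdigest(),
                "kind": "pdf-javascript-stream",
                "source": "PDF /JS object %d at offset 0x%X" % (num, offset),
                "size": len(payload),
                "text": payload,
            })
            for api, points in DANGEROUS_APIS.items():
                if api in payload:
                    hits.append(("PDF_JS_API:" + api.decode(), "high" if points else "info", num))
                    score += points
    return {"hits": hits, "carved": carved, "score": score}


if __name__ == "__main__":
    report = analyse_pdf(build_sample_pdf("app.alert('hi');"))
    for rule, severity, num in report["hits"]:
        print("%-22s %-6s object %d" % (rule, severity, num))
    for art in report["carved"]:
        print(art["filename"], art["sha256"][:16], art["source"], "%d bytes" % art["size"])
    print("score", report["score"])
```

The scan deliberately matches only the object dictionaries and not the stream bytes: a /JS token inside compressed data is noise, and a real detector that greps the whole file will both miss FlateDecoded payloads and false-positive on them. The carved payload is what a reviewer should read; with the report's two artifacts that is 91 and 89 bytes of script, small enough to inspect by hand.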