Pdf.Dropper.Agent-7596706-0 — PDF malware analysis

Static analysis result for SHA-256 643b980da0d86fcc…

MALICIOUS

PDF

3.2 KB
MD5: 027f4c5a84afec48b46c086547c63078
SHA-1: 6ddbc49ed134f57f584bc7a980446e98f211f93a
SHA-256: 643b980da0d86fcc8b55189e7d1e41373a437b9382dcae87a796384a1cdefd7a
Risk Score: 106

Malware Insights

Pdf.Dropper.Agent-7596706-0 · confidence 95%

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics as malicious. ClamAV identified it as Pdf.Dropper.Agent-7596706-0, indicating its role as a dropper. The embedded JavaScript is likely responsible for downloading and executing a secondary malicious payload, a common technique for this type of malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8846

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7596706-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7596706-0
  • JavaScript action · low · PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules. (matched inside decoded stream)
  • Embedded JS stream · low · PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules. (matched inside decoded stream)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: objstm_0014_00.bin
          1b7a6b42d22147b4d116008d2d84b1a4da1367fadd8af5ca5b098b56a955415a
Kind: pdf-objstm-decoded
Source: PDF /ObjStm 14 0 obj (inflated)
Size: 24197 bytes