PDF malware analysis — malicious · 65d142402f7dac3a

MALICIOUS

PDF

8.5 KB

MD5: 9fd4c792d3de872f04f5f00072b987f8 SHA-1: 7cbd240ed2c74e16e7db9e8d1a5723a0e92b031a SHA-256: 65d142402f7dac3a820bc9e21c03cb1fbf2e3bb3b8743c82bf1af2238cc696b6

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The PDF contains embedded JavaScript, flagged by multiple heuristics and a machine learning classifier as malicious. ClamAV also detected it as 'Pdf.Dropper.Agent-1828774'. The JavaScript is likely responsible for downloading and executing a secondary payload, a common technique for dropper malware. The specific JavaScript code is heavily obfuscated, preventing a more detailed analysis of its exact actions.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Dropper.Agent-1828774 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-1828774
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0069_000.js` `e6d4c2ef09bdf3fcf0e49f0461ed5c40c837386faa91c3568eca4df83824a53e`	pdf-javascript-stream	PDF /JS object 69 at offset 0x1BE	19758 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.