Verdict: MALICIOUS
Risk Score: 116
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File
The PDF was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Dropper.Agent-7417865-0' and an ML classifier indicating maliciousness. The presence of embedded JavaScript streams strongly suggests that the PDF is designed to execute malicious code, likely to download and run a secondary payload. The document body was unreadable, but the combination of PDF structure and JavaScript points to a dropper or downloader attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.8846
Heuristics 3
- ClamAV: Pdf.Dropper.Agent-7417865-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Dropper.Agent-7417865-0
- JavaScript action (low, PDF_JAVASCRIPT): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0087_000.js 47a5835193a7c2a5617505f6240e07d9a1d01e9772beb0972dd21865628041fd | pdf-javascript-stream | PDF /JS object 87 at offset 0xF22C | 23692 bytes |
| javascript_obj0088_001.js 3d8b1723c9ade390c55341570e3e8fda2a7c4b00ad038f6db96eb4f75cf84904 | pdf-javascript-stream | PDF /JS object 88 at offset 0x128AF | 222 bytes |
| javascript_obj0089_002.js fc791c5e473cc1ae7b17bb45efc346ed6f45b4ef2dd6bb19d21453aba54c2566 | pdf-javascript-stream | PDF /JS object 89 at offset 0x129AE | 224 bytes |
| javascript_obj0090_003.js b56b30d0148454c230c55350badc251a32818b1a6ba37b418306742cdf68bdad | pdf-javascript-stream | PDF /JS object 90 at offset 0x12A8F | 172 bytes |