Malicious PDF — malware analysis report

Static analysis result for SHA-256 7aaacc478a000254…

MALICIOUS

PDF

9.5 KB
MD5: ab756196ca271044fa80c0a38c2de091 SHA-1: 9e7209172c18f7dc12d74a4dbf8a8f234a2e6c76 SHA-256: 7aaacc478a0002543718558d74fb77330a920dcff15bb324dd6020cb6eb4a897
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Dropper.Agent-1828814'. The presence of embedded JavaScript, indicated by PDF_JAVASCRIPT and PDF_JS heuristics, suggests the document is designed to execute malicious code. The ML classifier also strongly indicated maliciousness. The primary function appears to be dropping a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-1828814 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-1828814
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0069_000.js
7cb4c2f0b93d05916dd412e79c3c8e5c7e04edb9b3b76d3c1e28269a95767b2a		 pdf-javascript-stream PDF /JS object 69 at offset 0x1BE 19598 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.