Pdf.Dropper.Agent — PDF malware analysis

Static analysis result for SHA-256 7c394e571fcac991…

MALICIOUS

PDF

10.0 KB
MD5: 50a30b965ba3e183ba84a7b5735011e3
SHA-1: a0d34984797fd2a26b4575484b4f7e451746fea1
SHA-256: 7c394e571fcac991aeb9693dc270b552926603335cd64285278a5b6fe11b1367
Risk Score: 106

Malware Insights

Pdf.Dropper.Agent · confidence 95%

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF file was detected by ClamAV as Pdf.Dropper.Agent-7275928-0 and flagged as malicious by an ML classifier. It contains embedded JavaScript, which is likely responsible for downloading and executing a second-stage payload. The obfuscated nature of the JavaScript prevents a more detailed analysis of its specific actions.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7275928-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7275928-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0069_000.js
          e65ca0b7126061c66388be5cd395c71277106e128b664292240e64103364e037
Kind:     pdf-javascript-stream
Source:   PDF /JS object 69 at offset 0x1BE
Size:     32362 bytes