Malicious PDF — malware analysis report

Static analysis result for SHA-256 7de7f3112111ee30…

MALICIOUS

PDF

15.8 KB
MD5: aaa0882df09169c896accbe61b2142df SHA-1: 2b6850178d5219e09fa13f2152378226132db5fd SHA-256: 7de7f3112111ee30d2edd82cc087d2eb4e6cfce8ce0bdf5bb0e1a58c0d03fc02
106 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: User Execution: Malicious File

The PDF contains embedded JavaScript, flagged by multiple heuristics, and is detected by ClamAV as Pdf.Dropper.Agent-1501366. The ML classifier also strongly indicates maliciousness. The embedded JavaScript is likely responsible for downloading and executing a secondary payload, a common technique for PDF-based malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-1501366 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-1501366
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
4cd97d2e56f51a3fa5af41ddd9610ed768df950f6ce857cfaf3c1989dc86ec64		 pdf-javascript-stream PDF /JS object 76 at offset 0x2E3 15201 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.