Malicious PDF — malware analysis report

Static analysis result for SHA-256 7fc167dcad27b727…

MALICIOUS

PDF

Size: 717.1 KB
Created: 2016-04-02 16:05:00 +02:00
Authoring application: convert-jpg-to-pdf.net (via PDFlib Lite 7.0.5p3 (PHP5/Linux-x86_64))
MD5: 4594af38b37039e82e01a9b74fcb3e64
SHA-1: 41d4d9b68bc4d4a8306732a51480e41160db12e0
SHA-256: 7fc167dcad27b7275244a864b6a80e1736bb9c9f24913a5b26eb0b5f4d104eac
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The PDF was identified as malicious by ClamAV with the signature Pdf.Dropper.Agent-7277008-0. Heuristics indicate it is an image-only PDF lure, suggesting it is designed to trick the user into interacting with it, potentially to trigger an exploit. The absence of readable document body text further supports this, as the content is likely obfuscated or purely visual.

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics (2)

  • ClamAV: Pdf.Dropper.Agent-7277008-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7277008-0
  • PDF paints image(s) but contains no text operators info PDF_IMAGE_ONLY_LURE
    PDF has 1 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.