Malicious PDF — malware analysis report

Static analysis result for SHA-256 814fca8ca508b328…

MALICIOUS

PDF

Size: 47.3 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via subst)
MD5: ac0c2a736254206d1f4b6186aed3f02b
SHA-1: 990c29b36705319ac5305b810462fabdddd32635
SHA-256: 814fca8ca508b3282606c50b050756c1f01f52a9df02dc272e2227fb781f79a9
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.001 Command and Scripting Interpreter: PowerShell

The file is identified as a malicious PDF by ClamAV and a machine learning classifier. It contains embedded JavaScript, which is often used to exploit PDF reader vulnerabilities and download secondary payloads. The presence of JavaScript actions and streams strongly suggests an exploit attempt.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: d9ce4c9375124928f521e5b7da695e98f8f1b0b4bd79bcc2e0930ab5f79fa28f
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x99B
Size: 45670 bytes