Malicious PDF — malware analysis report

Static analysis result for SHA-256 887a663f32eb014d…

MALICIOUS

PDF

59.1 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: lice (via ubst)
MD5: 31e69c5b114f73b1e595e1c1589b354e SHA-1: 5faf283d9d47792057ba5ce1e0c11def21d95181 SHA-256: 887a663f32eb014dc9ff5b1b53054224812f174996ea2a9baba4ab0c76ee50e0
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The critical ClamAV detection and high ML classifier score strongly indicate maliciousness. The PDF contains embedded JavaScript, which is often used to exploit vulnerabilities or download further malicious content. The presence of JavaScript actions and streams, coupled with the ClamAV signature 'Pdf.Exploit.Dropped-94', suggests this PDF is designed to drop and execute a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
702ed87cf764542ec901a17b35862fe67caac75855b2f08c4f98eae1bf6bc53e		 pdf-javascript-stream PDF /JS object 76 at offset 0x955 50554 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.