Pdf.Dropper.Agent-7280873-0 PDF malware analysis — malicious · 8c34090625ce2f57

MALICIOUS

PDF

75.9 KB Authoring application: ing.fromChar

MD5: 1d5a62932c0de98e451822a7e8f1393b SHA-1: 05b394dad53989e613be42a8264732aad64c5b41 SHA-256: 8c34090625ce2f570ddd2b699a390cab855d67c350913276add1ff1389450b25

106 Risk Score

Malware Insights

Pdf.Dropper.Agent-7280873-0 · confidence 95%

MITRE ATT&CK

T1204.002 Malicious File: Malicious JavaScript

The PDF contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML classifier and ClamAV detection strongly suggest malicious intent, specifically as a dropper. The embedded JavaScript file, 'javascript_obj0001_000.js', is likely responsible for downloading and executing a second-stage payload. The 'ing.fromChar test' in the document body is likely a placeholder or artifact from the authoring tool and does not provide further context on the lure.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7280873-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7280873-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0001_000.js` `cd61b3e2ae79f67a5635eb3d238bc46dd4aedc3297347c6ec2d7c18ae8d23a47`	pdf-javascript-stream	PDF /JS object 1 at offset 0x12D22	391 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.