PDF malware analysis — malicious · 8d6b5091f9222582

MALICIOUS

PDF

11.5 KB

MD5: 9c2846735c1c595b794952d151334d17 SHA-1: 90a6732b86ade2737c41a6428bc1e601ce485fea SHA-256: 8d6b5091f922258290c2964fe7aa185b6d29984d08e9961abcabcbeb9207a095

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF was flagged by multiple heuristics, including a high-severity ML classifier and a critical ClamAV detection for 'Pdf.Dropper.Agent-7281234-0'. The presence of embedded JavaScript, indicated by PDF_JAVASCRIPT and PDF_JS heuristics, suggests the document is designed to execute malicious code upon opening. This JavaScript likely acts as a dropper, initiating a chain of malicious actions, such as downloading and executing a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7281234-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7281234-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0045_000.js` `c475f82b457c4b2ea12ee004bd8f0552ed8f2d42ed5202cb884b4b4f14de97c9`	pdf-javascript-stream	PDF /JS object 45 at offset 0x193	27752 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.