PDF malware analysis — malicious · 95dc6efe7bf8f91b

MALICIOUS

PDF

7.4 KB

MD5: f2cb7fcdef1fa670e61e34e0059e1419 SHA-1: be1feb44cf3b1115322c3f8ac3e28123120738fa SHA-256: 95dc6efe7bf8f91bb84a8623de53c1e23cab8c2e5a370a73b0133fc3785cf8bf

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.004 Scripting: Python

The ClamAV detection 'Pdf.Dropper.Agent-7284322-0' strongly indicates malicious intent, classifying this PDF as a dropper. The presence of embedded URLs, although currently flagged as benign, suggests a potential mechanism for delivering further malicious content or redirecting the user. The differential PDF parser failure might indicate attempts to obfuscate the malicious content.

Machine Learning

Nyx PDF Classifier clean score 0.0288

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7284322-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7284322-0
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFValueError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://ns.adobe.com/xap/1.0/
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/pdf/1.3/

Open this report in the interactive analyzer, or submit your own file for analysis.