Malicious PDF — malware analysis report

Static analysis result for SHA-256 9a7d7737d625e7f2…

MALICIOUS

PDF

9.5 KB
MD5: a7b7e277fa01b597472bc14f650e61b7
SHA-1: 7b25a7842d7ad14695b7db690790322b59c7026d
SHA-256: 9a7d7737d625e7f2a413b95e439339093766c0c4731f756d0124dff803902ff3

Risk Score: 106

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/Scripting

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Dropper.Agent-7285891-0'. An embedded JavaScript stream was also identified, indicating the likely execution of malicious code. The ML classifier output of 0.999947 further supports the malicious nature of the file. The primary function appears to be dropping a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7285891-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7285891-0
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: e3b8ed99dee109ed231cb155f11bd5b0c7b0d0de66095b5007a392b3f6a72126
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x22BD
Size: 108 bytes