Malicious PDF — malware analysis report

Static analysis result for SHA-256 9a828c64c4e210f5…

MALICIOUS

PDF

3.7 KB
MD5: c0f5add346f8db65f1d5b14c9e3b73e5 SHA-1: 989da92b462654249d6771cbbe408109dc1a6eb4 SHA-256: 9a828c64c4e210f53411f13167f45fc5d8bd860e8fb427f5109b3bb22ffc6de2
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML classifier and ClamAV detection strongly suggest malicious intent, classifying it as a dropper. The primary function appears to be the execution of a secondary payload, likely through the embedded JavaScript, although the specific payload and execution method are not detailed in the provided evidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7285935-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7285935-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.