Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ee8910446f83c1a…

MALICIOUS

PDF

62.9 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: lice (via ubst)
MD5: 3a3ded81bb61d6619fb0b59244bcb676 SHA-1: 9a3aa6e636d36bbbc4c061c2039d574d21897431 SHA-256: 9ee8910446f83c1a48ded0a205e343cd56e6b5aa6ce0b1c0aa350c3d6b41e77c
76 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by heuristic firings for PDF_JAVASCRIPT and PDF_JS. The ClamAV detection 'Pdf.Exploit.Dropped-94' strongly suggests this is a known exploit. The embedded JavaScript is likely responsible for downloading and executing a malicious payload, which is a common attack pattern for such documents. The document body contains unusual metadata and strings that do not provide further context on the lure.

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
a97b9405c667d62f6dd01fa306689b61f275e20735339877010ce907024831b5		 pdf-javascript-stream PDF /JS object 76 at offset 0x94B 53942 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.