PDF malware analysis — malicious · a1b4d7f189ce18b1

MALICIOUS

PDF

47.2 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)

MD5: 04780c8da39506a1f6aecfbcdf3a40d0 SHA-1: 1c88c3ab69b39d408312bb7a48220bf5c630bb04 SHA-256: a1b4d7f189ce18b1c0125887235054f2f6c5fa3df64598ce6aec6678aac4d20f

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF was flagged by ClamAV as 'Pdf.Exploit.Dropped-94' and a machine learning classifier assigned a high probability of maliciousness. Embedded JavaScript, totaling 45524 bytes, is present and likely responsible for executing the exploit. The document body contains metadata suggesting it was created by Acrobat PDFMaker, but the core functionality appears to be malicious exploitation.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `eef262cb22cc2aed8fd181d3756f230539041c4ea6a0c8342d2a90fee0863b98`	pdf-javascript-stream	PDF /JS object 76 at offset 0x99C	45524 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.