PDF malware analysis — malicious · a1c2bb0b806e7bc8

MALICIOUS

PDF

13.2 KB

MD5: 151dff7ce6c5dbc872aeb9d7a7824b82 SHA-1: f58e1372e7e0a46ac0bb1aa5e91609efdcf4cbce SHA-256: a1c2bb0b806e7bc89d50feaf7f4c1b8760df19c1663ba7c4fd648980ebb42392

150 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The file was identified as malicious by a machine learning classifier and ClamAV, which specifically flagged it as 'Pdf.Dropper.Agent-7566193-0'. Furthermore, an extracted artifact was also detected by ClamAV as 'Win.Exploit.Jailbreak-1', indicating the PDF likely exploits a vulnerability to drop or execute another malicious component. The document body content is heavily obfuscated and does not provide clear user-facing lures.

Machine Learning

Nyx PDF Classifier malicious score 0.8633

Heuristics 2

ClamAV: Pdf.Dropper.Agent-7566193-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7566193-0
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_cff_off00000458.bin` `6ad4f6c3d6a862462a46e2ad04f079bd77f062a6f8d42d1120323f782a763c6b`	pdf-font-stream	PDF embedded font (cff) at offset 0x458	40077 bytes
Detection ClamAV: Win.Exploit.Jailbreak-1 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.