Malicious PDF — malware analysis report

Static analysis result for SHA-256 a337358ef4004ca1…

Verdict: MALICIOUS
File type: PDF
Size: 58.7 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: lice (via ubst)
MD5: e8ffd18f251ec459eb35d8a2d5a7496d
SHA-1: 8bfb47a6bcfcc23fde7255dd0489f81ca2512bae
SHA-256: a337358ef4004ca103931a8925566763b2179ea7a57e0964db028060fc4b9c13
Risk Score: 108

Malware Insights

MITRE ATT&CK

  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

This PDF was flagged as malicious by the ML classifier and by ClamAV, which names it 'Pdf.Exploit.Dropped-94'. It contains embedded JavaScript (the PDF_JAVASCRIPT and PDF_JS heuristics fired on a /JavaScript action and a /JS stream), a common vector for exploiting PDF reader vulnerabilities and for downloading and executing further malicious content. The ML_NYX_PDF_MALICIOUS score of 0.999981 strongly suggests malicious intent. The two JavaScript heuristics are low severity on their own, since benign forms also carry scripts; the verdict rests on the ClamAV signature and the classifier, and the carved script (object 76, listed under extracted artifacts) is the artifact to examine to confirm what the file actually does. The ATT&CK mapping to T1059.001 (PowerShell) is not evidenced by anything in this static report and should be confirmed from that script or from dynamic analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 (severity: critical; rule CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action (severity: low; rule PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low; rule PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: 2aa0409278ca8032cfb7b178c5d2f54a4dbd9e0bc29c93866f48601b9ecb744c
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x955
Size: 50227 bytes
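The heuristics above fire on the presence of the /JavaScript and /JS names, and the artifact list shows the resulting carve of a /JS stream identified by object number and file offset. As an added example (not part of this report and not the analysis tool's own code), the following Python reproduces both steps on a small PDF constructed in memory: it flags the two heuristics (plus an /OpenAction check, which is an addition here with an assumed rule name, PDF_OPENACTION), then walks the objects without trusting the xref table, follows each /JS reference to its stream, inflates FlateDecode content, and reports object number, offset, size and SHA-256 under a filename in the same javascript_objNNNN_NNN.js style as the artifact list. Nothing here is the analysed sample; the script payload is a harmless constructed string.

```python
"""Added example: PDF_JAVASCRIPT / PDF_JS heuristics and a /JS-stream carve on a
constructed PDF. Not the analysed sample and not the analysis tool's code."""
import hashlib
import re
import zlib

# Constructed, harmless payload standing in for the carved script.
SAMPLE_JS = b"app.alert('constructed sample: a dropper would fetch its payload here');"


def build_sample_pdf(js_source: bytes) -> bytes:
    """Build a minimal PDF whose catalog /OpenAction is a /JavaScript action whose
    /JS entry references a FlateDecode stream. Hand-rolled on purpose and without an
    xref table, because the scanner below does not rely on one."""
    compressed = zlib.compress(js_source)
    bodies = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /S /JavaScript /JS 5 0 R >>",  # action object: what PDF_JAVASCRIPT keys on
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(compressed)
        + compressed + b"\nendstream",  # the /JS stream object itself
    ]
    out = bytearray(b"%PDF-1.4\n")
    for num, body in enumerate(bodies, start=1):
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    out += b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    return bytes(out)


OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")


def run_heuristics(data: bytes) -> list:
    """The two low-severity rules named in the report, plus an /OpenAction check
    (assumed rule name PDF_OPENACTION; not one of the report's rules)."""
    hits = []
    if b"/JavaScript" in data:
        hits.append("PDF_JAVASCRIPT")
    if re.search(rb"/JS\b", data):
        hits.append("PDF_JS")
    if b"/OpenAction" in data:
        hits.append("PDF_OPENACTION")
    return hits


def index_objects(data: bytes) -> dict:
    """Map object number -> (offset of 'N G obj', body). A linear scan rather than
    the xref table: malicious PDFs frequently ship a broken or misleading one."""
    return {int(m.group(1)): (m.start(), m.group(2)) for m in OBJ_RE.finditer(data)}


def extract_stream(body: bytes):
    """Return the raw stream bytes of an object body, or None if it has no stream.
    Prefer a direct /Length; fall back to the endstream keyword if /Length is
    indirect ('N 0 R') or missing."""
    m = re.search(rb"stream\r?\n", body)
    if m is None:
        return None
    start = m.end()
    length = re.search(rb"/Length\s+(\d+)(?!\d)(?!\s+\d+\s+R)", body[:m.start()])
    if length:
        return body[start:start + int(length.group(1))]
    end = body.rfind(b"endstream")
    if end < 0:
        return None
    return body[start:end].rstrip(b"\r\n")


def carve_js_streams(data: bytes) -> list:
    """Follow every '/JS N 0 R' reference to object N, pull its stream, inflate it if
    FlateDecode is declared, and describe it the way the artifact list above does."""
    objects = index_objects(data)
    carved = []
    for idx, ref in enumerate(JS_REF_RE.finditer(data)):
        num = int(ref.group(1))
        if num not in objects:
            continue  # dangling reference: nothing to carve, though still worth noting
        offset, body = objects[num]
        raw = extract_stream(body)
        if raw is None:
            continue  # /JS pointed at a non-stream object
        if b"/FlateDecode" in body:
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                pass  # keep the raw bytes: truncated or mislabeled filters are common
        carved.append({
            "filename": "javascript_obj%04d_%03d.js" % (num, idx),
            "kind": "pdf-javascript-stream",
            "object": num,
            "offset": offset,
            "size": len(raw),
            "sha256": hashlib.sha256(raw).hexdigest(),
            "js": raw,
        })
    return carved


def triage(data: bytes) -> dict:
    """One-call summary in the shape of the report: heuristics plus carved artifacts."""
    return {"heuristics": run_heuristics(data), "artifacts": carve_js_streams(data)}


if __name__ == "__main__":
    pdf = build_sample_pdf(SAMPLE_JS)
    result = triage(pdf)
    print("Heuristics:", ", ".join(result["heuristics"]))
    for art in result["artifacts"]:
        print("%s  %s  object %d at offset 0x%x  %d bytes" % (
            art["filename"], art["sha256"], art["object"], art["offset"], art["size"]))
        print("  script:", art["js"].decode("latin-1"))
```

The scanner is deliberately naive in the ways that matter for triage: it does not decode hex-escaped names (a sample can write /J#53 to dodge a literal /JS match), it does not expand object streams (/ObjStm), inside which the /JavaScript dictionary can sit compressed, and it ignores /JS values given as inline strings rather than stream references. A real pipeline normalises names and unpacks object streams before applying these rules, and the carved script still has to be deobfuscated before the classifier's verdict or the ATT&CK mapping is treated as confirmed.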