Malicious PDF — malware analysis report

Static analysis result for SHA-256 a3cc3f32afb95e5c…

Verdict: MALICIOUS
File type: PDF

Size: 7.9 KB
Created: 2010-05-18 20:47:09
MD5: 2d49aa05952b19167195edbb90984cc0
SHA-1: 1f0cc6e031a110a244809cfeb0d019e142672dc0
SHA-256: a3cc3f32afb95e5c7b81ed5000802c106a5fd59328162c8db8275ef2f33b1696
Risk Score: 106

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell
  • T1204.002 Malicious File

The critical ClamAV detection and high ML classifier score indicate malicious intent. The presence of embedded JavaScript, identified by PDF_JAVASCRIPT and PDF_JS heuristics, strongly suggests the file is a dropper. This JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for PDF-based malware distribution. The ClamAV signature 'Pdf.Dropper.Agent-7289256-0' further supports this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7289256-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7289256-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0013_000.js
SHA-256: db0b84d434caf5bb2edef5f16146dcb8e5a6baed969af1bef9833bf2b2eda6d1
Kind: pdf-javascript-stream
Source: PDF /JS object 13 at offset 0x13BB
Size: 3750 bytes