Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5f8dcd0502afa9f…

MALICIOUS

PDF

Size: 47.1 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via subst)
MD5: dcd39175009ba9b16c9ef012a781f047
SHA-1: f05871ad39ee4f57f6a1508dda87c3b7ca76fc33
SHA-256: a5f8dcd0502afa9f28486b5d009fc3a55ccabebb163fb05011c3b0381fc97f01
Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The file is identified as a malicious PDF by ClamAV (Pdf.Exploit.Dropped-94) and a machine learning classifier. Heuristics indicate the presence of JavaScript actions and embedded JS streams, suggesting the PDF is designed to execute malicious code. The embedded JavaScript likely attempts to download and execute a second-stage payload, a common technique for dropping malware.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0076_000.js
    SHA-256: fd5451feb711bdcc84994371c1a0de5d08fa3fb753872a02b9981391deb90503
    Kind: pdf-javascript-stream
    Source: PDF /JS object 76 at offset 0x99B
    Size: 45472 bytes