PDF malware analysis — malicious · a9846b9b17b4c42d

MALICIOUS

PDF

16.3 KB Created: 2010-03-09 19:44:02 Authoring application: Panesobonojicetbha

MD5: c79799870b9e7c8d16757a4b95bc5818 SHA-1: cf0ca17d340c9f6a7b604ca11dd5336d42db1301 SHA-256: a9846b9b17b4c42ddc53427019c773a483359c7706091c680ed05969cf543a8d

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML classifier and ClamAV detection strongly suggest malicious intent, specifically identifying it as a dropper. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for malware distribution.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7002964-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7002964-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0020_000.js` `ac5e587b3fde84aca49509083b4f715a551ff7f408095cdcba4cbee8f7699b7a`	pdf-javascript-stream	PDF /JS object 20 at offset 0x2E64	1831260 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.