Malicious PDF — malware analysis report

Static analysis result for SHA-256 abc1eec107bbf94f…

Verdict: MALICIOUS
File type: PDF
Size: 47.3 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)
MD5: e5ad0d9e2a0168eccdb811e5efddaeac
SHA-1: 538eaf3f854daee682e2ce25c7deb955acb282de
SHA-256: abc1eec107bbf94f4d063b9ff73aad2a528ba72fa39b274857ae0b4974b8a172
Risk score: 108

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

ClamAV (signature Pdf.Exploit.Dropped-94) and the Nyx PDF classifier (malicious score 1.0000) both flag the file as malicious. The two heuristic hits show that the document carries a /JavaScript action and a /JS stream; each is rated low on its own because benign forms also use JavaScript, so the verdict rests on the signature and the classifier rather than on the mere presence of script. The carved stream (object 76) is the artifact to review: a 45,719-byte script inside a 47.3 KB document is where any exploit or dropper logic will be. The ATT&CK tag T1059.001 (PowerShell) is not supported by anything in the listed heuristics or artifacts; treat it as unconfirmed until the script has been read.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: 9d96f5ef0aa4098d370ef1ea513309c3553843e1106c5a3e8c57706e7aea9be0
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x99C
Size: 45719 bytes
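The heuristics above (PDF_JAVASCRIPT, PDF_JS) and the carved artifact (a /JS stream pulled out of object 76 at a byte offset) are what a minimal static triage pass produces. The script below is an added example, not the analyser's own code: it scans a PDF for objects, resolves #XX name escapes (so /Java#53cript still matches), flags /JavaScript actions and /JS entries, follows an indirect /JS reference to its stream object, inflates FlateDecode, and reports the object number, offset and SHA-256 of the carved script. The sample PDF it runs on is constructed inline; the function names and the hypothetical flag names PDF_JAVASCRIPT/PDF_JS are assumptions chosen to mirror the report.

```python
from __future__ import annotations

import hashlib
import re
import zlib

# Bare-bones object scan. Non-greedy so each body ends at its own 'endobj';
# good enough for triage, not a conforming PDF parser (object streams,
# hex-string /JS values and escaped parens in literals are not handled).
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
JS_RE = re.compile(rb"/JS\s*(?:(\d+)\s+\d+\s+R|\((.*?)\))", re.S)


def build_sample_pdf() -> bytes:
    """Constructed sample, not the analysed file: /OpenAction runs a
    /JavaScript action (object 3) whose /JS entry refers to a FlateDecode
    stream (object 4). Object 3 spells the action name as /Java#53cript
    to exercise the name-escape handling below."""
    script = b'app.alert("triage sample"); util.printf("%s", this.path);'
    compressed = zlib.compress(script)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /S /Java#53cript /JS 4 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(compressed)
        + compressed
        + b"\nendstream",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objs) + 1, xref)
    return bytes(out)


def normalise_names(body: bytes) -> bytes:
    """Resolve #XX escapes in PDF names; a plain grep for /JavaScript
    misses /Java#53cript, a cheap and common evasion."""
    return NAME_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), body)


def index_objects(pdf: bytes) -> dict[int, tuple[int, bytes]]:
    """Object number -> (byte offset, raw body). Scans for 'N G obj ... endobj'
    instead of trusting the xref table, which malicious files routinely
    corrupt or omit; a later redefinition wins, as with incremental updates."""
    return {int(m.group(1)): (m.start(), m.group(3)) for m in OBJ_RE.finditer(pdf)}


def stream_data(body: bytes) -> bytes | None:
    """Stream bytes, inflated when /FlateDecode is declared. A stream that
    fails to inflate is returned raw rather than dropped, so a deliberately
    damaged stream still reaches the analyst."""
    m = STREAM_RE.search(body)
    if m is None:
        return None
    data = m.group(1)
    if b"/FlateDecode" in normalise_names(body):
        try:
            data = zlib.decompress(data)
        except zlib.error:
            pass
    return data


def find_javascript(pdf: bytes) -> list[dict]:
    """One finding per object that carries a /JavaScript action or a /JS
    entry, with the script carved from the referenced stream when possible."""
    objs = index_objects(pdf)
    findings = []
    for num, (off, raw) in sorted(objs.items()):
        body = normalise_names(raw)
        flags = []
        if re.search(rb"/S\s*/JavaScript\b", body):
            flags.append("PDF_JAVASCRIPT")
        js = JS_RE.search(body)
        if js:
            flags.append("PDF_JS")
        if not flags:
            continue
        script, source = None, None
        if js and js.group(1):                # indirect reference: carve target
            target = int(js.group(1))
            if target in objs:
                source = target
                script = stream_data(objs[target][1])
        elif js:                              # inline literal string
            source, script = num, js.group(2)
        findings.append({
            "obj": num, "offset": off, "flags": flags, "carved_from": source,
            "script": script,
            "sha256": hashlib.sha256(script).hexdigest() if script else None,
        })
    return findings


if __name__ == "__main__":
    for f in find_javascript(build_sample_pdf()):
        print("obj %d at 0x%X %s carved from obj %s sha256=%s" % (
            f["obj"], f["offset"], ",".join(f["flags"]), f["carved_from"], f["sha256"]))
```

Run against a real sample, the finding for the report's file would be the /JS entry pointing at object 76, carved from offset 0x99C. Scanning for `N G obj` rather than walking the xref is deliberate: the objects a malicious PDF wants a reader to see and the ones the xref advertises are often not the same set.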