PDF malware analysis — malicious · ac5c330ec79e7728

MALICIOUS

PDF

47.7 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via subst)

MD5: e4bc9705295cbeef6eb44cb27e05c83d SHA-1: b576db7db66239fb5c113ad90bf75bdfbfaffc79 SHA-256: ac5c330ec79e7728b7a2e53c355d2fd1f8e6123125b3c156f852547d9e9e73c8

108 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file was detected by ClamAV as Pdf.Exploit.Dropped-94, and a machine learning classifier also flagged it as malicious with high confidence. The presence of embedded JavaScript, indicated by heuristic firings and the embedded artifact, suggests an attempt to execute malicious code. The document body contains metadata and copyright information, but the primary malicious activity is likely within the embedded script, which is expected to download and execute a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `75d6a64b222febd858e16cfc7cab46eca20c08b9cd1a619ac0f13dcec8fcadc0`	pdf-javascript-stream	PDF /JS object 76 at offset 0x99B	46071 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.