Pdf.Dropper.Agent-7294004-0 — PDF malware analysis

Static analysis result for SHA-256 b12801431494c6d9…

MALICIOUS

PDF

16.9 KB
MD5: 48bf99ea209ddb53669d8ee16b08d5ba
SHA-1: b590967f3f630d57567e26d8ca26707d9bf331bb
SHA-256: b12801431494c6d9ecdcd5f5d659d0df06d9553c120ff84ab9117f5ee9f805da
76 Risk Score

Malware Insights

Pdf.Dropper.Agent-7294004-0 · confidence 95%

MITRE ATT&CK
T1059.001 PowerShell
T1566.001 Spearphishing Attachment

The critical ClamAV heuristic identified the file as Pdf.Dropper.Agent-7294004-0, indicating a known malicious dropper. The presence of PDF JavaScript actions and embedded JS streams further supports this, suggesting the script's purpose is to download and execute a second-stage payload. The document body was unreadable, but the combination of the ClamAV signature and the JavaScript components strongly points to a malicious dropper.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7294004-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7294004-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0026_000.js
          a8bab585eb0ee1bbc1b2976002c040c1c33ca0500d3c2ca75c8503dba68cab51
Kind: pdf-javascript-stream
Source: PDF /JS object 26 at offset 0x3967
Size: 36668 bytes