PDF malware analysis — malicious · b1d50e4808228e5c

MALICIOUS

PDF

8.2 KB

MD5: 0744837698c55b0e9668206ed5e0c3a8 SHA-1: e995a427010089032131e4196a314b47a9fc15a0 SHA-256: b1d50e4808228e5c29a8ed6f045e593b0a61a4bab6d47cd68fc7471d6d2e206a

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file was flagged by multiple heuristics, including a high-severity ML classifier and critical ClamAV detection, indicating malicious intent. The presence of embedded JavaScript, identified by PDF_JAVASCRIPT and PDF_JS heuristics, suggests the file is designed to execute arbitrary code. While the JavaScript content itself was not detailed, its presence strongly implies a dropper or exploit delivery mechanism. The ClamAV detection name 'Pdf.Dropper.Agent' further supports this assessment.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7294221-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7294221-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0069_000.js` `2aa84151ccafab4c5a4ab36eac429adef93863b3511d042fdd7a29395fda3a53`	pdf-javascript-stream	PDF /JS object 69 at offset 0x1BE	20233 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.