Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2eb1f68b4a3f5f4…

MALICIOUS

PDF

46.9 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)
MD5: 93735f149f0049ec41ad2b22a741a796 SHA-1: a44a0e5498410ed4349a042d2318fe1f8cf86909 SHA-256: b2eb1f68b4a3f5f4db1f057c73efec926e651cd599b1df228a0caa192e6df850
76 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as 'Pdf.Exploit.Dropped-94' strongly suggests it exploits a known vulnerability. The JavaScript is likely responsible for executing a malicious payload, leading to the 'malicious' verdict. The document body content is not indicative of a specific lure.

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
f0cdc348a64b55dd53293258c06f4f9ddf080cbf1e007e3af993cb7a3f6054e6		 pdf-javascript-stream PDF /JS object 76 at offset 0x99C 45267 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.