Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6f96ca8c4a4336f…

Verdict: MALICIOUS
File type: PDF
Size: 58.9 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: lice (via ubst)
MD5: e68d43f3ad668235e095dd735aff87e4
SHA-1: 1e279e58ff5398ab173352ad04ad225bef8f6adb
SHA-256: b6f96ca8c4a4336fab029dc9871cfbc32c392d2e44cddce872359c8a3d5ef129
Risk Score: 108

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The critical ClamAV detection 'Pdf.Exploit.Dropped-94' and the high ML classifier score strongly indicate malicious intent. The presence of embedded JavaScript, flagged by heuristics, suggests the PDF is designed to exploit vulnerabilities and execute code. This JavaScript likely serves to download and execute a second-stage payload, a common technique for initial access.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: 60f7d8064d3578cc89c36aac9ffd37b51bf1f4797a82e2de46965d26f98354a3
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x955
Size: 50425 bytes