Malicious PDF — malware analysis report

Static analysis result for SHA-256 c53c1b960f392d06…

MALICIOUS

PDF

9.2 KB
MD5: e9fa83891aad042c43a2aee485ad6b6e SHA-1: c2f1b001e4adf7b1cfa31d7359f3792dcd2ded00 SHA-256: c53c1b960f392d065312b58d9a852bf8d8756fdf14ec6f47818ef7cd47e41469
108 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/Shell Script Execution

The PDF contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML classifier and ClamAV detection strongly suggest malicious intent. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for PDF-based malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-1551405 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-1551405
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0069_000.js
e53ce024f759a465bb3f58c913c8b74d548aa0a336088b116216fda8e0350c4d		 pdf-javascript-stream PDF /JS object 69 at offset 0x1BE 17137 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.