Malicious PDF — malware analysis report

Static analysis result for SHA-256 c6f7b4fca6791f58…

Verdict: MALICIOUS
File type: PDF

Size: 46.9 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via substr)
MD5: b21dea3dd22bd3f2a3e2ddde12505851
SHA-1: fa76b1f79e50deef84acccf36e589416c0672b63
SHA-256: c6f7b4fca6791f589ae7282d642eed524a63a697660c5078b7965e5af768e659
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

This PDF was flagged as malicious by a machine learning classifier and ClamAV, which identified it as Pdf.Exploit.Dropped-94. The presence of JavaScript actions and embedded JS streams indicates an attempt to execute malicious code. The ML classifier's high confidence score and the ClamAV detection strongly suggest this PDF is a dropper for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: 1b7ebc3fdf855a45f20410bb39a806c433b73af0363082e061402b1ace6d205f
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x999
Size: 45247 bytes