Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8a2e56e3ebd2f28…

MALICIOUS

PDF

16.7 KB
MD5: 12a1b3927cfa5f56d190457d25444b07
SHA-1: a899ee76bbd3c6c58317b35974f0dcf56860c4dc
SHA-256: c8a2e56e3ebd2f28105a97cdab7e62b0a57765b500316c89e7af020df3190036
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The primary indicator is a critical ClamAV detection identifying the file as 'Pdf.Dropper.Agent-7172173-0'. This strongly suggests the PDF's purpose is to deliver and execute a secondary malicious payload. No document body text or scripts were available for further analysis, limiting the ability to detail the specific delivery mechanism or payload.

Machine Learning

  • Nyx PDF Classifier clean score 0.0266

Heuristics 1

  • ClamAV: Pdf.Dropper.Agent-7172173-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7172173-0

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: stream_000_off000003eb.bin
    d9ba15629b8f2ec9ac3b91461b8a97a3b8dd956a1f102ce9acfe02be6ba7aa7a
  • Kind: decompressed-pdf-stream
  • Source: PDF FlateDecoded stream at offset 0x3EB
  • Size: 414879 bytes