Pdf.Dropper.Agent-7003093-0 — PDF malware analysis

Static analysis result for SHA-256 c9bd17fddb5ba617…

MALICIOUS

PDF

280.4 KB
Created: 2012-09-29 01:35:00 +03:30
Authoring application: Microsoft® PowerPoint® 2010
MD5: 7375c7d483548a78650ae1c5665e34e3
SHA-1: 7a7f8dbf3ade5bba8fcaac4932f89464ddef69e1
SHA-256: c9bd17fddb5ba617e1082fd0f4468d7f612b363698e4562d8f80ec2fe9436a92
62 Risk Score

Malware Insights

Pdf.Dropper.Agent-7003093-0 · confidence 85%

MITRE ATT&CK
T1204.002 Malicious File

The file was identified as malicious by ClamAV with the signature Pdf.Dropper.Agent-7003093-0, indicating it functions as a dropper. An external URI pointing to twitter.com was found, though it is marked as confirmed benign. The document body contains garbled text, suggesting it is not intended for direct user interaction but rather to host malicious content or an exploit.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7003093-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7003093-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://twitter.com/coolkaveh

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_008_off0000b9b8.bin
          f548fbd4f1a3f45428714a03ced38f12b52452b06787354307791592bcae3fb5
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0xB9B8
Size: 187884 bytes