Pdf.Dropper.Agent-9448882-0 — PDF malware analysis

Static analysis result for SHA-256 d3b2e48015e378e4…

MALICIOUS

PDF

11.2 KB
MD5: a8cf3b93f7aee7ea48813e6edaf00bcd
SHA-1: b72ed839b1131c3cf53a29dbb1405ffc2dd544c5
SHA-256: d3b2e48015e378e4fad9e2b98b2488c7169dd30b87f2dac70064cc6d936b85ca
Risk Score: 106

Malware Insights

Pdf.Dropper.Agent-9448882-0 · confidence 95%

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF was flagged by ClamAV as Pdf.Dropper.Agent-9448882-0 and, with high confidence, by a machine learning model. Heuristics indicate the presence of embedded JavaScript, which is commonly used in PDF-based malware to download and execute additional malicious content. The large size of the embedded JavaScript stream further supports this.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-9448882-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9448882-0
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0087_000.js
    63e92e39117cf64dbb3eda3b92dbfa51a29630edc1cfa4b64761b3868153ac61
    Kind: pdf-javascript-stream
    Source: PDF /JS object 87 at offset 0x105
    Size: 26937 bytes