Malicious PDF — malware analysis report

Static analysis result for SHA-256 d43c06cd1cfeb004…

MALICIOUS

PDF

Size: 13.0 KB
Created: 2010-04-05 13:07:49
Authoring application: Jaauepiuafe (via Cwpkebebagemojef)
MD5: 8af510f6b5ca0f7e1d4f58d8efa37246
SHA-1: e94e840ac08fc8529c2e3b3c33e514d4ac217567
SHA-256: d43c06cd1cfeb0046ac0df001bf4add48c1bac025bda9d77ba903982d1e3c4c3
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The critical ClamAV heuristic identifies the file as 'Pdf.Dropper.Agent-7308402-0', indicating it functions as a dropper. The presence of embedded JavaScript, flagged by two low-severity heuristics, further supports this. The JavaScript is likely responsible for downloading and executing a secondary payload, a common technique for droppers. The document body contains a large amount of seemingly random text, which is often used to obfuscate the malicious content or to make the document appear legitimate.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7308402-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7308402-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0020_000.js
SHA-256: 0143587a1d5ec33d6bc3c2843c7c313e9cffcfc302b52f47e15a6f392c41f8c3
Kind: pdf-javascript-stream
Source: PDF /JS object 20 at offset 0x296C
Size: 40060 bytes