MALICIOUS
Risk Score: 88
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1566.001 Spearphishing Attachment
T1204.001 Malicious Link
The critical ClamAV heuristic identified the file as Pdf.Dropper.Agent-7308985-0, indicating it's a known PDF dropper. The medium heuristic for SE_CALLBACK_LURE strongly suggests a callback phishing or tech-support scam, where the document prompts the user to call a phone number. An embedded JavaScript stream was also detected, likely used to facilitate the malicious payload delivery or interaction.
Heuristics 3
- ClamAV: Pdf.Dropper.Agent-7308985-0 | critical | CLAMAV_DETECTION | ClamAV detected this file as malware: Pdf.Dropper.Agent-7308985-0
- Callback phishing phone lure | medium | SE_CALLBACK_LURE | Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
- Embedded JS stream | low | PDF_JS | PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_008_off0000d377.bin 47e733cac545c3d5c55282b7683033c637be108687d1cfc867a6a507c22e1cff | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xD377 | 54508 bytes |