Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7921937fbc437e6…

MALICIOUS

PDF

Size: 71.9 KB | Created: 2009-11-15 19:41:70 | Authoring application: PDF Library 4.3.9 (via PDF Library 3.9.7)
MD5: ccb7f70d36cf2070b05f9b1c3a6d2a9b
SHA-1: 36549930cb1b33867749b452e499f11b6215b110
SHA-256: d7921937fbc437e6c86f2b5230bd04e194a5e7e9ab24030407de0aa0cd3f5e20
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript

The file is a PDF document flagged by ClamAV as 'Pdf.Dropper.Agent-7685831-0'. Static analysis detected embedded JavaScript, a technique commonly used by dropper malware to download and execute additional malicious payloads. The ML classifier also strongly indicated maliciousness. The embedded JavaScript was too large and complex to analyze fully for the specific actions it performs, but its presence strongly suggests a malicious dropper.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7685831-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7685831-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
SHA-256: a81e1e94eef656eea156643948758634c6c04ca205a5b896941ca50a9106e61e
Kind: pdf-javascript-stream
Source: PDF /JS object 7 at offset 0x1A5
Size: 146760 bytes