Malicious PDF — malware analysis report

Static analysis result for SHA-256 df2aa28ff692bb02…

MALICIOUS

PDF

12.7 KB
MD5: 5f9e96655df3883d830b9e3bb115360d
SHA-1: e86187e35443e8833a955d434afec75c09a12682
SHA-256: df2aa28ff692bb02362af0aee70ef2179c4c7be58e9599a56858f4b589ac5c01

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was detected by ClamAV as Pdf.Dropper.Agent-7313997-0. Static analysis revealed embedded JavaScript, indicating the document is designed to execute malicious code. The JavaScript action and embedded JS stream heuristics confirm the presence of executable content within the PDF. The primary function appears to be downloading and executing a secondary payload.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7313997-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7313997-0
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0020_000.js
SHA-256: af701efb1d43e0e8e5a6fa3dd7d2c71a63a43ed738a784db928607d66182d301
Kind: pdf-javascript-stream
Source: PDF /JS object 20 at offset 0x2D24
Size: 1206 bytes