PDF malware analysis — malicious · df52691f573a4ae2

MALICIOUS

PDF

4.8 KB Created: 2010-04-14 17:44:38 Authoring application: Hahehalapovazewifape

MD5: b9ed99de6a1fa5170d5a451efe03fb7d SHA-1: d237198ec2b5b6fe8adaef958f74841086f787ad SHA-256: df52691f573a4ae209ef815789a41ac7b3620968232b06ff03cb0274de2a574f

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

The file is a PDF document flagged as malicious by ClamAV and a machine learning classifier. It contains embedded JavaScript, which is a common technique for delivering malicious payloads. The JavaScript action and embedded JS stream indicate that the document is designed to execute code. The repetitive text in the document body appears to be a lure to disguise the malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7314043-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7314043-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `19a29e21e9b9fdf844fab9612ad6cf3ce4ac9696e655adcd7ed5be7ca46bfce4`	pdf-javascript-stream	PDF /JS object 11 at offset 0xCE7	1493 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.