Pdf.Dropper.Agent-7315226-0 — PDF malware analysis

Static analysis result for SHA-256 e21b8053ac0d3ac4…

MALICIOUS

PDF

10.7 KB
MD5: 5942ae51ebd0aa733de78432797edce5
SHA-1: 5460df628fd406b061596a28ed21051b1bee54a5
SHA-256: e21b8053ac0d3ac4bd34f4a0ecd7fcd25f7d3aefa4643cddbf8ef4d846b2c48f
Risk Score: 76

Malware Insights

Pdf.Dropper.Agent-7315226-0 · confidence 85%

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file contains embedded JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection further confirms its malicious nature, identifying it as Pdf.Dropper.Agent-7315226-0. The embedded JavaScript is the primary mechanism for delivering the malicious payload, likely involving the download and execution of additional malware. No specific URLs or hashes were extracted, limiting the IOCs.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7315226-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7315226-0
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0044_000.js
    8db42a762e44f409cd6b2ea3ee56827877e767e227ccff0047e1edb9b4058a11
  • Kind: pdf-javascript-stream
  • Source: PDF /JS object 44 at offset 0x14C
  • Size: 28398 bytes