PDF malware analysis — malicious · e2e0621afe715b39

MALICIOUS

PDF

47.3 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via subst)

MD5: e8c9a62ed29a8452b63838d6a193c726 SHA-1: 567fb1035a6fa3e5250c04cef77d10c01276a06e SHA-256: e2e0621afe715b39616a414afd70150c8b952b72594c4b716462e8b889e300f9

108 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1059.001 PowerShell

The file is identified as a malicious PDF by ClamAV and a machine learning classifier. Heuristics indicate the presence of JavaScript actions and embedded JS streams, suggesting an exploit is present. The ML classifier's high confidence score further supports this. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, as indicated by the ClamAV detection name 'Pdf.Exploit.Dropped-94'.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `29040a47201e0d9dcb62cf9b2d0cf2d6c390d800af489679e8e14c0d0da1eb43`	pdf-javascript-stream	PDF /JS object 76 at offset 0x99B	45709 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.