Malicious PDF — malware analysis report

Static analysis result for SHA-256 e3d48ef23a3fe4c6…

MALICIOUS

PDF

Size: 50.5 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via ubst)
MD5: 74bb39dd84534ce5f0959a1b586a8aa1
SHA-1: c36a79e02f3cda522c4019f0f48de44ca4dc7ec7
SHA-256: e3d48ef23a3fe4c6091847de2f7836a4e3ac63ace82dfb5d9b50455079bbcaac
Risk score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

ClamAV detects the file with the signature Pdf.Exploit.Dropped-94, i.e. a known exploit-carrying PDF. Static analysis also found embedded JavaScript: a /JavaScript action and a referenced /JS stream (carved below from object 76). Those two JavaScript heuristics are scored low on their own because benign forms use JavaScript as well; they establish that script is present and that an action can invoke it, not that the script is malicious. The malicious verdict therefore rests on the ClamAV signature, with the carved JavaScript as the artifact to read next. The expected attack pattern is that the user is lured into opening the PDF, the embedded JavaScript triggers the exploit, and a secondary payload is then likely downloaded and executed.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action [low] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename                   Kind                   Source                             Size
javascript_obj0076_000.js  pdf-javascript-stream  PDF /JS object 76 at offset 0x99A  48910 bytes
  SHA-256: 5e92d7e1e657b492967d4e03cceb01c4962d69c630fef804ebe2750a82acd071
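The two JavaScript heuristics and the carved artifact above come from the same kind of pass: walk the file's "N G obj ... endobj" objects without trusting the xref table, flag dictionaries that use /JavaScript, /JS or /OpenAction, then follow the "/JS n 0 R" reference to the stream object, decode it and record its object number, file offset, size and SHA-256. The Python below is an added example written for this page, not the scanner's own code. It builds a small constructed PDF (a catalog /OpenAction pointing at a /JavaScript action whose /JS is a FlateDecode stream) and runs the scan and the carve over it. The object regex, the suspect-name list, the artifact naming (javascript_objNNNN.js) and the sample payload are this example's own choices; only FlateDecode is handled, and inline /JS literals keep their PDF escapes as written.

```python
import hashlib
import re
import zlib

# Names a PDF triage pass flags. /JavaScript and /JS mirror the report's PDF_JAVASCRIPT
# and PDF_JS heuristics; the other names are this example's additions.
SUSPECT_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")

# 'N G obj ... endobj' found by regex, not via the xref table, so damaged files still scan.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)

def parse_objects(data):
    """Map object number -> (file offset, body) for every indirect object in the file."""
    return {int(m.group(1)): (m.start(), m.group(3)) for m in OBJ_RE.finditer(data)}

def stream_payload(body):
    """Decoded stream bytes (FlateDecode only; raises zlib.error if truncated), or None if no stream."""
    head, sep, rest = body.partition(b"stream")
    if not sep:
        return None
    rest = rest[2:] if rest.startswith(b"\r\n") else rest[1:] if rest.startswith(b"\n") else rest
    length = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", head)  # literal /Length, not 'n 0 R'
    raw = rest[:int(length.group(1))] if length else rest.split(b"endstream", 1)[0].rstrip(b"\r\n")
    return zlib.decompress(raw) if b"/FlateDecode" in head else raw

def literal_string(head, key=b"/JS"):
    """Inline '/JS (...)' literal, honouring balanced parentheses; backslash escapes are kept as written."""
    m = re.search(re.escape(key) + rb"\s*\(", head)
    if not m:
        return None
    depth, out, i = 1, bytearray(), m.end()
    while i < len(head) and depth:
        c = head[i:i + 1]
        if c == b"\\":
            out += head[i:i + 2]
            i += 2
            continue
        depth += (c == b"(") - (c == b")")
        if depth:
            out += c
        i += 1
    return bytes(out)

def scan_pdf(data):
    """[(object number, offset, [suspect names])] for every object whose dictionary uses one."""
    hits = []
    for num, (off, body) in parse_objects(data).items():
        head = body.split(b"stream", 1)[0]  # dictionary part only
        names = [n for n in SUSPECT_NAMES if re.search(re.escape(n) + rb"(?![A-Za-z0-9_])", head)]
        if names:
            hits.append((num, off, names))
    return hits

def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()

def carve_javascript(data):
    """Every /JS payload: follows '/JS n 0 R' to the stream object, else unwraps an inline literal.
    Returns [(artifact name, object number, offset, sha256, script bytes)], like the report's table."""
    objs = parse_objects(data)
    carved = []
    for num, (off, body) in objs.items():
        head = body.split(b"stream", 1)[0]
        ref = re.search(rb"/JS\s+(\d+)\s+\d+\s+R", head)
        if ref and int(ref.group(1)) in objs:
            src_num = int(ref.group(1))
            src_off, src_body = objs[src_num]
            script = stream_payload(src_body)
        else:
            src_num, src_off, script = num, off, literal_string(head)
        if script is None:
            continue
        carved.append(("javascript_obj%04d.js" % src_num, src_num, src_off, sha256_hex(script), script))
    return carved

JS_BODY = b"app.alert('constructed sample');"  # constructed payload, not the report's script

def build_sample_pdf(js=JS_BODY):
    """Constructed minimal PDF: catalog /OpenAction -> JavaScript action -> Flate-compressed /JS stream."""
    packed = zlib.compress(js)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /S /JavaScript /JS 5 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed) + packed + b"\nendstream",
    ]
    pdf = b"%PDF-1.4\n"
    for n, body in enumerate(objects, 1):
        pdf += b"%d 0 obj\n" % n + body + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"

if __name__ == "__main__":
    sample = build_sample_pdf()
    for num, off, names in scan_pdf(sample):
        print("obj %d @ 0x%X: %s" % (num, off, b" ".join(names).decode()))
    for name, num, off, digest, script in carve_javascript(sample):
        print("%s  PDF /JS object %d at offset 0x%X  %d bytes  %s" % (name, num, off, len(script), digest))
```

Run directly it prints the scan hits and one carved-artifact line in the same shape as the table above (object number, hex offset, size, SHA-256); pass the bytes of a real sample to scan_pdf and carve_javascript to get the equivalent for it. What the low severity of PDF_JAVASCRIPT and PDF_JS means in practice is visible here: the scan only says where script lives and which action can invoke it, so the carved .js is what gets read next, and the verdict for this file still comes from the ClamAV signature.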