PDF malware analysis — malicious · e7f4c48c2d808d44

MALICIOUS

PDF

59.3 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via ubst)

MD5: 1d1234932acca9ac4205cf32fb8d1d17 SHA-1: aef87ffe649ce78519b15d6b846dfa9ed605c35b SHA-256: e7f4c48c2d808d44c98d970b9f488e6dcc9c34632e09ac0739237d6420c06d1d

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Pdf.Exploit.Dropped-94, and a high-confidence ML classifier. It contains embedded JavaScript, indicating it likely attempts to exploit PDF vulnerabilities to download and execute a second-stage payload. The PDF structure and embedded JavaScript are strong indicators of exploit delivery.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `f6b7b62b9d0f89533d8931974bd667e00daca3e78c2d3e510d6aeb8f5e3c2a0d`	pdf-javascript-stream	PDF /JS object 76 at offset 0x99B	50685 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.