Pdf.Dropper.Agent-9238482-0 — PDF malware analysis

Static analysis result for SHA-256 e8dafeb13857a8df…

MALICIOUS

PDF

11.5 KB
MD5: 4edc55335fcd372567cf8d9d1a99b6b8
SHA-1: 4d13b46d17ff5ae8f9531e2bb39b35d246269cde
SHA-256: e8dafeb13857a8df1ecf1053fc0233dbedad7b192de822cfb869d38ff4ef1538
76 Risk Score

Malware Insights

Pdf.Dropper.Agent-9238482-0 · confidence 95%

MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File

The critical ClamAV detection and the presence of embedded JavaScript strongly indicate a malicious dropper. The embedded JavaScript stream, named 'javascript_obj0087_000.js', is the primary mechanism for executing the malicious payload. This pattern is consistent with PDFs designed to download and execute further stages of malware.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-9238482-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9238482-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0087_000.js (67b8f2a2415b477147873d5c1d53ce650d4761ddea0c332b0354afc0651335f6) | pdf-javascript-stream | PDF /JS object 87 at offset 0x105 | 27537 bytes