Malicious PDF — malware analysis report

Static analysis result for SHA-256 e9dafdd72b89eab8…

MALICIOUS

PDF

9.3 KB
MD5: 9e3f59009e438239e8a8cb66d7dfcd39
SHA-1: 121dde39714c42f56ea130e73ebdd4a0147664c4
SHA-256: e9dafdd72b89eab8c3635859441da8296e9fb7b3e20a70602e25db70e07f8d9e

Risk Score: 106

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript

The critical ClamAV detection and high ML classifier score indicate maliciousness. The PDF contains embedded JavaScript, which is often used to download and execute further stages of an attack. The specific ClamAV detection name 'Pdf.Dropper.Agent-1829072' suggests its role as a dropper.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-1829072 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-1829072
  • JavaScript action [low] (PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] (PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0069_000.js (d32134622a48bc3baa388313f994245507af685bb53fdb459194c3dd52b3815f) | pdf-javascript-stream | PDF /JS object 69 at offset 0x1BE | 17934 bytes