Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec651290751b0c18…

MALICIOUS

PDF

Size: 15.6 KB
Created: 2010-03-30 18:01:51
Authoring application: Uidopijxoha (via Zeafelivicetoo)
MD5: 12a3e66a23c08190a95cb76bdaf7d169
SHA-1: 234a631141c0512abd1e0d8dde26e1d5b9b8558a
SHA-256: ec651290751b0c181634744aa117346ddd06cf513110ae659d50a7f7d3fa44e1
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings and the presence of a javascript_obj0024_000.js artifact. The ML classifier and ClamAV detection strongly suggest malicious intent, specifically a dropper. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for PDF-based malware delivery. The document body text is heavily obfuscated and does not provide clear user-facing content, reinforcing the likelihood of a technical exploit.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7320458-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7320458-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0024_000.js
SHA-256: c8f6764cc4d472e49794b279fc78e3bd244c6bd6256b90d2e692186dfd8d94af
Kind: pdf-javascript-stream
Source: PDF /JS object 24 at offset 0x33F5
Size: 34175 bytes