Malicious PDF — malware analysis report

Static analysis result for SHA-256 f04797494a62318d…

Verdict: MALICIOUS

File type: PDF

4.3 KB Created: 2009-08-23 19:47:07 Authoring application: Elza 2.6.6.3 (via PDF Library 4.8.1.5)
MD5: fcf3767659197ebed38a733a01e5979c SHA-1: 32bf0ecf3e64fa2ed7346c3a46371cfbdfd11f63 SHA-256: f04797494a62318dacbbf5e6d897c478b5e9156547fa09fc03414d1849109409
Risk score: 106

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript

The file is identified as malicious by ClamAV as Pdf.Dropper.Agent-7322228-0. Static analysis detected embedded JavaScript, indicating an attempt to exploit PDF vulnerabilities. The ML classifier also strongly flagged the file as malicious. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, which is a common dropper behavior.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7322228-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7322228-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0014_000.js
    SHA-256: e4f5a7c8856f64bdcc5ff48e5baa9346f86204b95df1a0e79ec66e4dcaa7363e
    Kind: pdf-javascript-stream
    Source: PDF /JS object 14 at offset 0x398
    Size: 41214 bytes