MALICIOUS
Risk Score: 106
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF is encrypted and appears to be image-only, a common lure technique. Heuristics indicate a payment redirection lure, suggesting a business email compromise attempt. ClamAV detected the file as Pdf.Dropper.Agent-6308054-0, confirming its malicious nature. No scripts were extracted, limiting the ability to determine the exact payload delivery mechanism.
Heuristics 5
- ClamAV: Pdf.Dropper.Agent-6308054-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Dropper.Agent-6308054-0
- Payment redirection / bank-detail change lure [high] SE_PAYMENT_REDIRECT_LURE: Document describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions — a high-value business-email-compromise pattern
- Encrypted PDF (string and stream contents are opaque to static scan) [info] PDF_ENCRYPTED: PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
- PDF paints image(s) but contains no text operators [info] PDF_IMAGE_ONLY_LURE: PDF has 2 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.
- PDF differential parser failed [info] PDF_DIFFERENTIAL_PARSE_FAILED: The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: error. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.