PDF malware analysis — malicious · f1e10c2ac4b8fe2c

MALICIOUS

PDF

47.7 KB Created: 2006-02-16 15:03:51 -08:00 Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via subst)

MD5: 9ff82bd09dc55e108a04bbe15b7f1cba SHA-1: 97db294f49f761281cb9a3c435ce194f8cbcea21 SHA-256: f1e10c2ac4b8fe2cdb3418d8867a0e28df6569f74a731821e6874ff10f1d2cc9

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

This PDF was flagged as malicious by a machine learning classifier and ClamAV, which identified it as Pdf.Exploit.Dropped-94. The presence of embedded JavaScript and a JavaScript action indicates that the PDF is designed to execute malicious code, likely to download and execute a second-stage payload. The ML classifier's high confidence score supports this assessment.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `4d1af070e3afb52ae31d27ff928c451e20dd1754186cab70d8224177e6c41d1a`	pdf-javascript-stream	PDF /JS object 76 at offset 0x99B	46062 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.