Pdf.Dropper.Agent-7323352-0 PDF malware analysis — malicious · f2ec76e071071d5f

MALICIOUS

PDF

5.5 KB Created: 2009-01-10 63:14:00 Authoring application: Jkkss (via Kk22q)

MD5: e1afd6deb4300e04d134e193935800cd SHA-1: c8d787c74d21e9e824f90038d3b604583b653255 SHA-256: f2ec76e071071d5f3e6b3375b370921251489991671da6e9923c31baa5e28fe8

108 Risk Score

Malware Insights

Pdf.Dropper.Agent-7323352-0 · confidence 99%

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file was flagged by multiple heuristics, including a high-confidence ML classifier and ClamAV detection as 'Pdf.Dropper.Agent-7323352-0'. The presence of embedded JavaScript, indicated by PDF_JAVASCRIPT and PDF_JS heuristics, suggests the document is designed to execute malicious code. This JavaScript likely acts as a dropper, downloading and executing a second-stage payload, which is a common technique for PDF-based malware.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7323352-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7323352-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0013_001.js` `dd935a42104bac96aad800ac566d6df7400b8eadd59dd1eefee58ad3c82ddbb1`	pdf-javascript-stream	PDF /JS object 13 at offset 0x37E	37731 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.