Pdf.Dropper.Agent PDF malware analysis — malicious · f491d6b870d2eaf1

MALICIOUS

PDF

21.9 KB Created: 2009-05-01 21:21:45 Authoring application: tvEeSFCPx (via NeTSnrx)

MD5: b83853a07f796fb19777a3bf9f6a1f24 SHA-1: 2e94c0b87f28041162f47235de7aa20016143ba9 SHA-256: f491d6b870d2eaf122f567a30136a12094df59e286d6934701c39e86986aa8d2

146 Risk Score

Malware Insights

Pdf.Dropper.Agent · confidence 95%

MITRE ATT&CK

T1059.001 PowerShell

This PDF was flagged by ClamAV as Pdf.Dropper.Agent-1829076 and ML classifiers indicate a high probability of maliciousness. Embedded JavaScript, including an eval() call, suggests the execution of obfuscated code. The script likely decodes and executes a payload, consistent with a dropper's behavior. The authoring application 'tvEeSFCPx' is also noted.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ClamAV: Pdf.Dropper.Agent-1829076 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-1829076
eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.