PDF malware analysis — malicious · f87e06d7ffb0a615

MALICIOUS

PDF

15.5 KB Created: 2010-03-05 14:56:05

MD5: 8586f53e9b6831cdea028cbc0569a735 SHA-1: 29b1011f081a198d2de915e687290a3407842c90 SHA-256: f87e06d7ffb0a615bdb080d3b819cd8f5ea0f23b9d3cef83a836a36aeceb0925

106 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The sample is a PDF file flagged by multiple heuristics and ClamAV as malicious, specifically as a dropper. The presence of embedded JavaScript, identified as a high-risk indicator, strongly suggests the file is designed to execute code. This JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for malware droppers.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-1829117 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-1829117
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0022_000.js` `5bfecba9d89ead36d1fb15ff10df79204e8f6a04a970283e6e8a996c1f4a0f8a`	pdf-javascript-stream	PDF /JS object 22 at offset 0x305B	603321 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.