Malicious PDF — malware analysis report

Static analysis result for SHA-256 f8d7b2fb6976ed0a…

Verdict: MALICIOUS
File type: PDF
File size: 10.1 KB
Risk Score: 76

MD5: 6c64bb68481abd2e79c4a75b9c0bba1b
SHA-1: e27bb4183a009ee10b9633cc2d88c14a6d95608f
SHA-256: f8d7b2fb6976ed0a85b17fdb6608555474fa8b001379968c674d02e3c749d59c

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was detected by ClamAV as Pdf.Dropper.Agent-7326047-0, indicating it functions as a dropper. Heuristics indicate the presence of embedded JavaScript, which is commonly used in malicious PDFs to download and execute further stages of an attack. The large size of the embedded JavaScript stream suggests complex or obfuscated malicious code.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7326047-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7326047-0
  • JavaScript action [low] [PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] [PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  Filename: javascript_obj0069_000.js
            ad32944b53e2f3e5a77a2eb353d4f3dd7c51f4845f815d0be98bc00e9301635e
  Kind:     pdf-javascript-stream
  Source:   PDF /JS object 69 at offset 0x1BE
  Size:     25221 bytes