PDF malware analysis — malicious · fa502d570173c018

MALICIOUS

PDF

5.9 KB

MD5: bc3a41dd3cd236f1e395b2b681acf430 SHA-1: 337c1e52f38be44c9e7961bbd81164f27177b78a SHA-256: fa502d570173c018a41ede30fe76decd58df9a794daf050d19179ca849c9d5eb

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Dropper.Agent-7326860-0'. Embedded JavaScript streams were also detected, indicating the likely execution of malicious code. The ML classifier strongly supports the malicious verdict. The embedded JavaScript is likely responsible for downloading and executing a secondary payload, a common technique for dropper malware.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7326860-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7326860-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0012_000.js` `61b46047f90b888a00e497def64b956f6da2cb6e69e8905a21e0ba446aa10cd0`	pdf-javascript-stream	PDF /JS object 12 at offset 0x14FC	93 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.