PDF malware analysis — malicious · fb981bd178119178

MALICIOUS

PDF

58.1 KB Created: 2009-11-15 19:41:70 Authoring application: PDF Library 4.3.9 (via PDF Library 3.9.7)

MD5: 3e8ab18cc750e91e0dfa891f4f0b7ac6 SHA-1: 437fe5ecfc6f583808638d81e62c7131227d2a54 SHA-256: fb981bd178119178cb3aa7fd74e9c3facfc60308b1ce8b184d420a588eadcaf4

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The critical ClamAV heuristic identified the file as 'Pdf.Dropper.Agent-7685849-0', indicating it functions as a dropper. Low-level heuristics also detected embedded JavaScript, suggesting the PDF is designed to execute malicious code. The JavaScript's likely purpose is to download and execute a second-stage payload, which is a common dropper behavior.

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7685849-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7685849-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `0bccfb0d4b7635f5e905811499a809746454e73ce9dc382670d7fecb4a500414`	pdf-javascript-stream	PDF /JS object 7 at offset 0x1A5	117043 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.