Malicious PDF — malware analysis report

Static analysis result for SHA-256 fbfc0a384473254b…

Verdict: MALICIOUS

File type: PDF

Size: 47.8 KB
Created: 2006-02-16 15:03:51 -08:00
Authoring application: Acrobat PDFMaker 7.0.5 for PowerPoint (via subst)

MD5: b9d12e84f3c8e8308ca019927e53062c
SHA-1: 32ed0279d2d52d2d7f3461d157fc4f174e72e20a
SHA-256: fbfc0a384473254b2e785bde6922ddcbf5b9cc76ee25c30f14bd801d03a276c6

Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The file is identified as malicious by ClamAV with the signature Pdf.Exploit.Dropped-94. Static analysis revealed embedded JavaScript, indicating an attempt to execute malicious code upon opening the PDF. The ML classifier also strongly flagged the PDF as malicious. The presence of JavaScript suggests the PDF is likely a dropper for further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-94
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: d68ff78cdcd58b099d79312e25067b58c79bfc0962cd14c5f271028dd3a3ee15
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x99B
Size: 46152 bytes