Pdf.Dropper.Agent-7597011-0 — PDF malware analysis

Static analysis result for SHA-256 fc507827f4c78c27…

MALICIOUS

PDF

6.0 KB
MD5: 6c9f92980469402db11f1a41af18689c
SHA-1: ce414a80d413436d6d3b1dfd60abe7b6f36d87f9
SHA-256: fc507827f4c78c27ba97a5e16b82c5453f44e918da20a7c770d5cfdc467f1548
68 Risk Score

Malware Insights

Pdf.Dropper.Agent-7597011-0 · confidence 95%

MITRE ATT&CK
T1553 Subvert Trust Controls

The file is a PDF document identified by ClamAV as Pdf.Dropper.Agent-7597011-0. Static analysis revealed an embedded file, identified as 'home_williams_mount_marzipan_shared_IAR_Internal_PenTest_VIRUS_TESTING_virii_poc.jpg', which is likely the malicious payload. The document body text confirms the embedding of this file.

Heuristics 2

  • ClamAV: Pdf.Dropper.Agent-7597011-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7597011-0
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: home_williams_mount_marzipan_shared_IAR_Internal_PenTest_VIRUS_TESTING_virii_poc.jpg (c51e2122afb0df5152c63828201b8f33f96eb9727b9de1e5b4e7f76d6673f698)
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 8 at offset 0x430
Size: 13343 bytes