Skip to content
This repository was archived by the owner on Mar 5, 2026. It is now read-only.

SAMPLE.md

Latest commit

 

History

History
92 lines (72 loc) · 1.89 KB

SAMPLE.md

File metadata and controls

92 lines (72 loc) · 1.89 KB

pdf

[PDFiD]

  • PDF Header: %PDF-1.1
  • Total Entropy: 7.873045
  • Entropy In Streams: 7.970107
  • Entropy Out Streams: 4.896895
  • Count %% EOF: 1
  • Data After EOF: 0
Keyword Count
obj 9
endobj 9
stream 2
endstream 2
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 1
/JavaScript 1
/AA 0
/OpenAction 1
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Launch 0
/EmbeddedFile 1
/XFA 0
/Colors > 2^24 0
Embedded File

Score: 50

Reasons:

  • /EmbeddedFile flag(s) detected
Triage

Score: 150

Reasons:

  • /JS: indicating javascript is present in the file.
  • /JavaScript: indicating javascript is present in the file.
  • /OpenAction: indicating automatic action to be performed when the page/document is viewed.
Suspicious Properties

Score: 50

Reasons:

  • Page count of 1

[pdf-parser]

TAGS

file_name:

  • eicar-dropper.doc

pestudio_blacklist_string:

  • JavaScript
Embedded Files
Object Sha256
8 eb0ae2d1cd318dc1adb970352e84361f9b194ff14f45b0186e4ed6696900394a
Carved Content

EmbeddedFile:

s<<++<<            /Names [(eicar-dropper.doc) 7 0 R]    /OpenAction 9 0 R

OpenAction:


<<
 /Type /Action
 /S /JavaScript
 /JS (this.exportDataObject({ cName: "eicar-dropper.doc", nLaunch: 2 });)
>>

JS:

(this.exportDataObject({ cName: "eicar-dropper.doc", nLaunch: 2 })    ; )