Trojan-dropper:JS/PdfDropper

Classification

Category: Malware

Type: Trojan-dropper

Aliases: Trojan-dropper:JS/PdfDropper.A

Summary


Trojan-dropper:JS/PdfDropper identifies specially-crafted PDF files that drop and execute a document file. The dropped document file in turn contains code that downloads and runs additional harmful programs.

Removal


Automatic action

Depending on its settings, your F-Secure security product will either automatically delete, quarantine or rename the detected program or file, or ask you which action to take.

Technical Details


The PdfDropper file is usually distributed in spam email campaigns. Its appearance and content are usually designed to lure unsuspecting users into opening the file. The PDF file is specially crafted to contain and deliver a document file, which in turn has malicious macro code embedded in it.

Opening the PDF file causes JavaScript code included in it to run, which drops and opens the document file. This executes the embedded macro code, which contacts a remote server to download and run other harmful programs on the machine.

In previously analyzed samples, the downloaded programs include ransomware (Locky) and banking trojans (Dridex).
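
For triage of the PDF structure described above (JavaScript that runs on open, combined with an embedded file), the following is an added example and not F-Secure's detection logic. The function names, verdict labels and sample bytes are constructed for illustration; the script only sees names in the uncompressed parts of a file, so it reports "inconclusive" when object streams are present.

```python
import re

# Name tokens from the PDF specification that matter for the behaviour described above.
SCRIPT = {"JS", "JavaScript"}                 # JavaScript actions
AUTORUN = {"OpenAction", "AA"}                # actions triggered on open or by events
EMBEDDED = {"EmbeddedFile", "EmbeddedFiles"}  # attached file streams
OBJSTM = {"ObjStm"}                           # compressed object streams can hide names

NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is counted as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count relevant name tokens in raw PDF bytes and derive a coarse verdict."""
    names = [decode_name(n) for n in NAME_RE.findall(data)]
    r = {
        "is_pdf": b"%PDF-" in data[:1024],
        "script": sum(n in SCRIPT for n in names),
        "autorun": sum(n in AUTORUN for n in names),
        "embedded": sum(n in EMBEDDED for n in names),
        "object_streams": sum(n in OBJSTM for n in names),
    }
    if r["script"] and r["embedded"] and r["autorun"]:
        r["verdict"] = "suspicious"      # auto-run script plus an attached file
    elif r["object_streams"]:
        r["verdict"] = "inconclusive"    # names may sit inside compressed objects
    elif r["script"] or r["embedded"]:
        r["verdict"] = "review"
    else:
        r["verdict"] = "no-indicators"
    return r


# Constructed samples: structure only, no working script and no payload.
SAMPLE_DROPPER_SHAPE = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R /Names << /EmbeddedFiles 3 0 R >> >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (placeholder script body) >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("dropper-shaped", SAMPLE_DROPPER_SHAPE), ("plain", SAMPLE_PLAIN)):
        print(label, triage_pdf(blob))
```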