Malicious PDF — malware analysis report

Static analysis result for SHA-256 0337f8cda89950e9…

MALICIOUS

PDF

118.6 KB
MD5: 814b87bcf556dd5f3232059a0f66a730
SHA-1: 582069b28bd6a8afbb3269ee942b8730cb661c74
SHA-256: 0337f8cda89950e959821f8b3e58433726addb174737a9c3b89fddc1560cad50
106 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings and ClamAV detection. This JavaScript is likely designed to exploit a vulnerability within the PDF reader to execute arbitrary code, a common technique for delivering further malicious payloads. The ML classifier strongly supports the malicious nature of this file.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36388 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.