PDF malware analysis — malicious · 09b01f56e968f05d

MALICIOUS

PDF

16.2 KB Created: 2010-03-05 15:19:50 Authoring application: Laxiwoveja

MD5: 544ec2ce8854fa7741d32b98ea4e9922 SHA-1: 444a3c21d489f9f9ecadee6fbbce74c6dc3b767a SHA-256: 09b01f56e968f05db0c08d5e992a62afd345501e8f81eec17371dd429866915c

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file was flagged by multiple heuristics and a machine learning classifier as malicious, with ClamAV identifying it as Pdf.Exploit.Agent-36066. Embedded JavaScript was detected, indicating an attempt to exploit vulnerabilities within the PDF reader for code execution. The large size of the embedded JavaScript stream suggests it is likely responsible for downloading and executing a further stage of malware.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36066 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36066
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0022_000.js` `22e7b9b95199cc294a88baec03e968aa698abb89fdbf202e98b946c7b2639771`	pdf-javascript-stream	PDF /JS object 22 at offset 0x30AF	971255 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.