Malicious PDF — malware analysis report

Static analysis result for SHA-256 0c03524fac680fec…

MALICIOUS

PDF

16.2 KB Created: 2010-03-05 15:19:50 Authoring application: Laxiwoveja
MD5: 4bacab431617fd3966bb359a4d207dfb SHA-1: a09ac820f19b5f3b0b911f4161ab805dec788956 SHA-256: 0c03524fac680fecd58be37a9378d74b8194aa8915c70f261b9e8073dfb75ca0
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The critical ClamAV detection and high ML heuristic indicate malicious intent. The presence of embedded JavaScript, identified by multiple heuristics, strongly suggests an exploit designed to execute arbitrary code. This pattern is commonly used to download and run further malicious payloads, aligning with the 'Pdf.Exploit.Agent-36066' signature.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36066 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36066
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0022_000.js
22e7b9b95199cc294a88baec03e968aa698abb89fdbf202e98b946c7b2639771		 pdf-javascript-stream PDF /JS object 22 at offset 0x30AF 971255 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.