Malicious PDF — malware analysis report

Static analysis result for SHA-256 0dc7f96db3e840c9…

MALICIOUS

PDF

11.3 KB
MD5: f73fd31dd6619f38ef7a2fb0c66b5437 SHA-1: 62b5c4143911cb677fdbc400007b6d5c50047901 SHA-256: 0dc7f96db3e840c90cb6576aa5b3613823c7613ce834fa427330114b2c27a55e
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

This PDF file was flagged as malicious by ClamAV and an ML classifier, indicating it contains an exploit. Embedded JavaScript actions were detected, which are commonly used to download and execute further malicious content. The specific exploit detected, Pdf.Exploit.Agent-23349, suggests a known vulnerability is being leveraged.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-23349 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-23349
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0087_000.js
SHA-256: 92c86a122f29f02f12c4b2b7394fdaf88f373e38c732d19654e92c6bea84953e
Kind: pdf-javascript-stream
Source: PDF /JS object 87 at offset 0x105
Size: 27325 bytes