Malicious PDF — malware analysis report

Static analysis result for SHA-256 0f65de9640d6bd54…

MALICIOUS

PDF

Size: 11.7 KB
Authoring application: sli
MD5: 0d79df73b723fd45b7137bcbf8c5cd18
SHA-1: e1d164c9ea9a6807a516f9e0e1bc55e9ff08b21b
SHA-256: 0f65de9640d6bd54a21a2e7114c60c8258c26e475f9d79651935e83b42cbc309
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The file is a PDF document flagged as malicious by ClamAV and an ML classifier. Heuristics indicate the presence of embedded JavaScript, suggesting an exploit is used to execute code. This JavaScript likely downloads and executes a secondary payload, a common technique for malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-91 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-91
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.