Malicious PDF — malware analysis report

Static analysis result for SHA-256 12730b56d01ed64f…

MALICIOUS

PDF

43.6 KB
MD5: f0ed47b3e1c956b3cec98d3665f165d4 SHA-1: 6a8f95f7a8721160974f0582a188c26cc7d891c7 SHA-256: 12730b56d01ed64f77cdd16d7d9678890d2e3ac47626f2531256c75bf9cf7b23
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics and ClamAV as malicious. The ML classifier also strongly indicates maliciousness. The embedded JavaScript is likely used to exploit a client-side vulnerability for execution, and the file was likely delivered as a spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36388 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.