PDF malware analysis — malicious · 12c05ed2c1055b8a

MALICIOUS

PDF

47.6 KB

MD5: 473dd5d7a967eb5ee9d1aa8e79c0d681 SHA-1: 8e2651cbb0924cdb0585c081aa4486bbe9d4c973 SHA-256: 12c05ed2c1055b8aefdc3c0089cff59f5de9b219f3c0f7ca1f547fb54a7cb024

106 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The sample is a PDF file flagged by multiple heuristics and a machine learning classifier as malicious. ClamAV specifically identifies it as Pdf.Exploit.Agent-36388, indicating it likely exploits a known PDF vulnerability. Embedded JavaScript actions and streams suggest the execution of malicious code, likely to download and execute a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36388 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.