PDF malware analysis — malicious · 13f4f4ef945595c5

MALICIOUS

PDF

1001 B

MD5: 5384221891834966b2bb30ca8982aac3 SHA-1: 28bfc469f3e0a6227686c6f11b60294843a4b48a SHA-256: 13f4f4ef945595c53ffb8b4e8b2c0eab8c31a9d3a422c0f750512834def78c59

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, with heuristics indicating embedded JavaScript. The JavaScript code appears to be obfuscated but attempts to reconstruct and execute a string, likely a URL for downloading a secondary payload. This pattern is consistent with a malicious PDF dropper.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Malware.Agent-7658950-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Malware.Agent-7658950-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0001_000.js` `45307bd0ecc329d978513cf7425549bab80995a9d1f8969baa9526e224fd967c`	pdf-javascript-stream	PDF /JS object 1 at offset 0x127	478 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.