PDF malware analysis — malicious · 154f6cf6773bb7e7

MALICIOUS

PDF

16.2 KB Created: 2010-03-05 15:19:50 Authoring application: Laxiwoveja

MD5: 68ee784118cb758f0be3057ce8856332 SHA-1: 5129947466eab0c27275d3d0a35c1ae8e6f6c4fd SHA-256: 154f6cf6773bb7e7fdd4c251e39d6cbfdba6c1aa1c85465ce92fa915bcef64b0

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The critical ClamAV detection and high ML classifier score indicate maliciousness. The presence of embedded JavaScript, identified by multiple heuristics, strongly suggests an exploit is being used to execute code. This pattern is commonly associated with downloading and running further malicious content, hence the classification as a downloader.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36066 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36066
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0022_000.js` `22e7b9b95199cc294a88baec03e968aa698abb89fdbf202e98b946c7b2639771`	pdf-javascript-stream	PDF /JS object 22 at offset 0x30AF	971255 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.