PDF malware analysis — malicious · 1b320cc0350d7b98

MALICIOUS

PDF

12.4 KB

MD5: 0731f94b9a5cd47da812ca9d891212c8 SHA-1: 7339a536c8004e6bb9a695f8b2661f4ef8463dc5 SHA-256: 1b320cc0350d7b98c341d1863804b90550b96a8f78eb6c8c4e48fa6350118478

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious Link: Malicious File

The PDF file was flagged by a machine learning classifier and ClamAV as malicious. It contains embedded JavaScript, which is often used to download and execute further stages of malware. The presence of JavaScript actions and embedded JS streams indicates an attempt to run malicious code upon opening the document.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Win.Trojan.Agent-36281 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Agent-36281
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `c7da7e045c9889274e1210c52bbf4933c6e39740dc1b4d90a6d02dbcf00ab294`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11591 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.