Malicious PDF — malware analysis report

Static analysis result for SHA-256 1d9f618c0b49f43d…

MALICIOUS

PDF

12.4 KB
MD5: ba06c682fe35fd0338e3fc920eea928d SHA-1: cfaa4a7e5cd4a09278d2ab9f9d5458fbdacc094e SHA-256: 1d9f618c0b49f43d6bb24a7de98f02acc960a90ade5fb7a5686a2ab6159d19b1
106 Risk Score

Malware Insights

MITRE ATT&CK
T1204 Malicious Link T1204.002 Malicious File

This PDF was flagged as malicious by multiple engines, including a high-confidence ML classifier and ClamAV, which identified it as Pdf.Exploit.Agent-36388. The presence of JavaScript actions and embedded JS streams indicates an attempt to execute malicious code, likely to download and run a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36388 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.