PDF malware analysis — malicious · 256a42d89a648645

MALICIOUS

PDF

12.1 KB

MD5: be8cafead3ae18cf47aff05983b51707 SHA-1: 999e005871e9b1c8aa38d7999fd8f7912c553730 SHA-256: 256a42d89a648645964c0488f534b677dd8b5d048785e2b5ffbd872fbdd8a89e

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious JavaScript

This PDF file was flagged as malicious by multiple detection engines, including a high-confidence ML classifier and ClamAV, which identified it as Pdf.Exploit.Agent-36722. The presence of embedded JavaScript, indicated by heuristic firings and the embedded artifact, suggests an attempt to exploit vulnerabilities within the PDF reader to execute malicious code. The primary attack vector appears to be leveraging JavaScript to achieve initial compromise.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36722 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36722
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `b6e8a683cc2101bc23bf030cec854381ffbc5b80b2203f9005ad5af6c12cfefb`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11243 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.