Malicious PDF — malware analysis report

Static analysis result for SHA-256 300adba272827fc1…

Verdict: MALICIOUS
File type: PDF
Size: 3.3 KB
MD5: 9efc7ab80d29013d33629b046a751ea9
SHA-1: ea1e8ae51a725a47ff5edb3a1ac8d638ed466ff5
SHA-256: 300adba272827fc1ee6428b9ccc982644918ba846decb15b28ef5159f8d0c1a7
Risk score: 106

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript

The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating it contains an exploit. Embedded JavaScript actions and streams were detected, suggesting the execution of malicious code. The specific exploit and its payload are not detailed in the provided evidence, but the presence of JavaScript points to an attack pattern involving code execution within the PDF viewer.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0007_000.js
    SHA-256: 6a7446c6410c7de0be7200b9fc4c2d017db7c0f97a3d26dd70eebe7ceacf670a
    Kind: pdf-javascript-stream
    Source: PDF /JS object 7 at offset 0xA85
    Size: 368 bytes