Malicious PDF — malware analysis report

Static analysis result for SHA-256 30c9c3ac6ca139e6…

MALICIOUS

PDF

File size: 14.6 KB
Authoring application: Jodipasi ja
MD5: deee333a66b898a337eac1cc9554b3b2
SHA-1: 6756b0a38050125d6497715e3c9aad24dc1f1b29
SHA-256: 30c9c3ac6ca139e6563fa58156de6a957dec96588829c8374ad1ab9b7ac94bd8
Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.002 Spearphishing Attachment

The file was detected as malicious by ClamAV with the signature Pdf.Exploit.Agent-22777. Static analysis revealed embedded JavaScript, indicating an attempt to exploit vulnerabilities within the PDF reader. The ML classifier also strongly flagged this PDF as malicious. The document body contains obfuscated text, further suggesting malicious intent rather than legitimate content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-22777 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-22777
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0020_000.js
    077fcca03c8269c37be52eace04e4e1665cbfc4ca340be30de45cd17164e11bf
    Kind: pdf-javascript-stream
    Source: PDF /JS object 20 at offset 0x2B6F
    Size: 958986 bytes