Malicious PDF — malware analysis report

Static analysis result for SHA-256 33bc75ce66fcc514…

Verdict: MALICIOUS
File type: PDF
Size: 4.4 KB
MD5: 99b5eb794448bb4b316420172055a43f
SHA-1: bbbfaad012efc855eb634e4f1cb2fe4a8cbdf2e4
SHA-256: 33bc75ce66fcc51496030162bc19b9500ad14e71fb0c28e5a026c08fedfceb0a
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.001 Malicious Link
  • T1204.002 Malicious File

The file is identified as a malicious PDF by ClamAV and a machine learning classifier, indicating it likely contains an exploit. Embedded JavaScript was detected, which is commonly used in malicious PDFs to execute arbitrary code or download further payloads. The specific ClamAV detection name 'Pdf.Exploit.Agent-36898' suggests a known exploit pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36898 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36898
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0020_000.js
SHA-256: b40f015bce66b421ac0929ac6d662b3529fb53852964256bfdb6b5683d5e4ff1
Kind: pdf-javascript-stream
Source: PDF /JS object 20 at offset 0xDFB
Size: 264 bytes