PDF / .TXT malware analysis — malicious · 36b32d6f34c2dec7

MALICIOUS

PDF / .TXT

10.4 KB

MD5: fdf562d5d2eb962c8927683cd7173e7d SHA-1: 41a90bdbef65360a306e2296de217bbbab27bd75 SHA-256: 36b32d6f34c2dec761921bbc671a6360bc2493a97d77526cd10de4fa60fdcecc

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/Scripting

The PDF file was flagged by ClamAV as Pdf.Exploit.Agent-24033 and a machine learning classifier indicated a high probability of maliciousness. Embedded JavaScript was detected, suggesting an attempt to exploit vulnerabilities within the PDF reader to execute arbitrary code. The exact function of the JavaScript could not be determined due to its size and potential obfuscation, but its presence is a strong indicator of malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-24033 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-24033
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0044_000.js` `6e248d7b2c86b71b804722b24cdb581cf72d2384115682666980c4dbe07a7ef8`	pdf-javascript-stream	PDF /JS object 44 at offset 0x14C	27361 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.