Malicious PDF — malware analysis report

Static analysis result for SHA-256 36fdab19d92428e0…

MALICIOUS

PDF

3.2 KB
MD5: f966d06cc11ee5efbceb891b151c0e95 SHA-1: a1f9240767a5b51103b07db10a234dcb71666423 SHA-256: 36fdab19d92428e07f6f93114783d3f88a2e2db334bb65cfc18c8dec3d777e5a
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious Link

The PDF file was flagged as malicious by ClamAV with the signature Pdf.Exploit.Agent-36121. Static analysis also detected embedded JavaScript, indicating an attempt to exploit vulnerabilities within the PDF reader. The ML classifier strongly supports the malicious verdict. The embedded JavaScript likely attempts to download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0007_000.js
ddfe74a4b06b8245c5c5656bd27630c43c6f3fd4618594d4292ed1cb7a6fcd11		 pdf-javascript-stream PDF /JS object 7 at offset 0x9C0 451 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.