Malicious PDF — malware analysis report

Static analysis result for SHA-256 3af1f8948a246a40…

MALICIOUS

PDF

3.3 KB
MD5: a412bd910bfd73036b50f09ecdc1802b SHA-1: 1e043578951b6f4536f19cf4b5db5b302539c120 SHA-256: 3af1f8948a246a40e38178822b1bf5a393baac0bdfd9c95f01cbf0ed188cc79d
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious Link

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Agent-36121' and a high ML score. Embedded JavaScript was also detected, indicating an attempt to execute malicious code. The presence of JavaScript and the exploit detection strongly suggest the PDF is designed to download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0007_000.js
e9d2c017275268185955d87fe35288169fb1c00bfb81b257a6312cd3975dd527		 pdf-javascript-stream PDF /JS object 7 at offset 0xA87 304 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.