PDF malware analysis — malicious · 3c0a65096216b15f

MALICIOUS

PDF

68.5 KB

MD5: 15f122a29e70640276b03ccdbd74d022 SHA-1: 5498bacca44d9c046d83d3958705f9e8d5c320d1 SHA-256: 3c0a65096216b15fe04ebc68d484ae12fffe08be4a92e39f69f8dd704652b007

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution: Malicious File

The PDF file was flagged as malicious by a machine learning classifier and ClamAV, specifically detecting embedded JavaScript. The presence of PDF_JAVASCRIPT and PDF_JS heuristics indicates that the file contains and executes JavaScript, which is a common technique for exploiting PDF reader vulnerabilities and delivering further malicious content. The ML classifier's high confidence score further supports the malicious nature of this file.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Js.Exploit.HTML-29 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-29
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.