Malicious PDF — malware analysis report

Static analysis result for SHA-256 3c9a635dfa8598b9…

Verdict: MALICIOUS
File type: PDF
Size: 3.2 KB
MD5: e5cb1660e4cee7f0d91678b2f61326a4
SHA-1: b82c1c8afb46aa71ea63b3472cf80bcd40234f57
SHA-256: 3c9a635dfa8598b9ddf52afb2a835a16a83a13e119fce11d267ea95588f7405c
Risk Score: 108

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by ClamAV as Pdf.Exploit.Agent-36121 and by a machine learning model with high confidence. Embedded JavaScript was detected, indicating an attempt to exploit vulnerabilities in the PDF reader. The ML classifier output of 0.999922 strongly suggests malicious intent, likely aimed at downloading and executing a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0007_000.js
    SHA-256: 5aa9af5593ade045e39b8952657e2ac2c4be17c0e3b1e2320b5d21d8e0f34953
    Kind: pdf-javascript-stream
    Source: PDF /JS object 7 at offset 0x9C8
    Size: 474 bytes