PDF malware analysis — malicious · 45b222b982e99b03

MALICIOUS

PDF

11.9 KB

MD5: c5c31297b3a014c3dcde101ff89b8d4b SHA-1: 68fee8824915f2d32698bee28b4f260c1d55974f SHA-256: 45b222b982e99b03b473cd71b9d1a8354eded65e3af96b334649e0945da1e57b

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

This PDF file was flagged as malicious by a machine learning classifier and ClamAV, which identified it as Pdf.Exploit.Agent-36324. The presence of embedded JavaScript, detected by multiple heuristics, indicates an attempt to exploit vulnerabilities within the PDF viewer to execute malicious code. The primary attack vector appears to be the exploitation of a PDF vulnerability to run a script.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36324 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36324
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `f15f8d2d3ccfc7471d4f3fa4f2ee99afe100f5f8416bdb8f28850ff972a83120`	pdf-javascript-stream	PDF /JS object 76 at offset 0x2D4	11252 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.