Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b7c042b71d58af3…

MALICIOUS

PDF

46.9 KB
MD5: f608c8bb92078472ecf1fbfd3ff3ebd9
SHA-1: 3431a4c3871d14fd8b97ee8037e08036a4011f16
SHA-256: 4b7c042b71d58af3a654ac635e2ea2d14ed0d35c4976f9050f840355d9dc70c3
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file was flagged by multiple heuristics, including a high-severity ML classifier and critical ClamAV detection, indicating malicious intent. The presence of JavaScript actions and embedded JS streams suggests the PDF is designed to execute code, likely to download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36388 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
  • JavaScript action | low | PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream | low | PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.