PDF malware analysis — malicious · 4cc0c04a03aa5be7

MALICIOUS

PDF

3.3 KB

MD5: 118da6fd3c4db51c6d2624b8ac2642d5 SHA-1: 962ef65d73cffa474439a09a22b3dc30aaed0a4a SHA-256: 4cc0c04a03aa5be7b99432b576163ee90579410f230a5cc4fcb86f6dd004fdcc

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Agent-36121' and a high ML score, indicating malicious intent. Embedded JavaScript actions were detected, suggesting the document is designed to exploit PDF vulnerabilities. The primary function appears to be the execution of this JavaScript, which likely serves to download and execute a secondary payload, a common technique for initial access.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `522f04aa6723bf51f5355a12c5522504b08caa755aa9fae9d9a5f40fd50222da`	pdf-javascript-stream	PDF /JS object 7 at offset 0xA84	330 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.