PDF malware analysis — malicious · 4f567059fe3f84da

MALICIOUS

PDF

13.1 KB

MD5: c5586c88dc31fee300c75ff380915450 SHA-1: 0ee6b825109185d5d764d8f1e06f6c461a1c9754 SHA-256: 4f567059fe3f84da6cb7afe626631bb10024660eb7c486062ce589a5b01b0638

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file was flagged by multiple heuristics, including a high-severity ML classifier and critical ClamAV detection, indicating malicious intent. An embedded JavaScript stream was extracted, which likely contains the exploit code. The ClamAV detection name 'Pdf.Exploit.Agent-36723' suggests it exploits a known PDF vulnerability to deliver a payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36723 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36723
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `d2fa25d5bc228fe07f9d259ce2a01bc776d42f81071a4a12c487621aa8d4040f`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	12285 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.