PDF malware analysis — malicious · 5676319dac3e79e0

MALICIOUS

PDF

12.3 KB

MD5: 2ca1915c877891f2aa46081ca7f18249 SHA-1: 37b626a6eda8d9edccf50f3a07866608e5b497b2 SHA-256: 5676319dac3e79e0ff82eddde2f0c67ec9b39e028ee1b149548cd75c79cd71b6

108 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious Link

The file is identified as a malicious PDF by multiple high-confidence heuristics, including a critical ClamAV detection and an ML classifier. The presence of embedded JavaScript actions and streams indicates an attempt to execute malicious code, likely to exploit a PDF vulnerability and download a secondary payload. The specific ClamAV detection name suggests it's a known exploit.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36723 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36723
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `1a915c9656f4b696c05bb682cac06f14f7383248813a1612d06e471d2816c821`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11494 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.