PDF malware analysis — malicious · 5c4e9b1570a664b8

MALICIOUS

PDF

3.3 KB

MD5: 7350d20d7531fc1ee62a1982cab25d64 SHA-1: 794b4e5b69daa85ba3c9c039aa449e6d87959f03 SHA-256: 5c4e9b1570a664b8a6cb7d322784a71de6bf0d048de707771d31dee2966aa157

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript that is obfuscated but appears to extract characters from the document's title to form a string. This string is then passed to a function that likely executes it, indicating an attempt to download and run a secondary payload. The ML classifier and ClamAV detection strongly support a malicious classification, pointing towards an exploit targeting PDF viewers.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `e6d439fbfdfda8c5768987229959fa341275c6639ea3958e3e6ddb9aa04a8211`	pdf-javascript-stream	PDF /JS object 7 at offset 0xA88	322 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.