Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d3c56affa116615…

MALICIOUS

PDF

25.1 KB
MD5: 113c27277ab3b125cbc23c1e9cc81df3 SHA-1: ef1cbe178bb0ec3cf7d860bab97e4a56625a4c11 SHA-256: 5d3c56affa1166153fea4884840eecb9712bc72da61b0a0d48f08ceb4b70796c
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

This PDF file was flagged as malicious by multiple heuristics, including a high-confidence ML classifier and ClamAV detection (Pdf.Exploit.Agent-36388). The presence of embedded JavaScript actions and streams indicates an attempt to execute code, likely for the purpose of downloading and executing a second-stage malicious payload. The primary attack vector is presumed to be spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36388 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.