Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f82d9ce60403023…

MALICIOUS

PDF

34.0 KB
MD5: 348138ed4c29db605ed59ac6c527285d
SHA-1: 5d5a0d0ef35cf4e91d4d522f0e28ee31d81935ea
SHA-256: 5f82d9ce60403023b1ef640bf242dc339804d62601b77ee25eff772710fab331
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

This PDF file was flagged as malicious by multiple detection engines, including ClamAV and an ML classifier. It contains embedded JavaScript, indicating it likely attempts to exploit vulnerabilities or execute malicious code upon opening. The presence of JavaScript suggests it is designed to download and execute a second-stage payload, a common technique for malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7265110-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7265110-0
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.