Malicious PDF — malware analysis report

Static analysis result for SHA-256 6304e446c9887f10…

Verdict: MALICIOUS
File type: PDF
File size: 3.3 KB
MD5: d3207fdaa8d2b72698e944e7c4df9474
SHA-1: b67444d9a173a685255e78a6a1f9a6d57a4f1eca
SHA-256: 6304e446c9887f108153409104786d681e23938a308c6318b539e433de98a5ea
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Phishing: Spearphishing Attachment

This PDF file was flagged as malicious by a machine learning classifier and by ClamAV, indicating that it carries an exploit. The embedded JavaScript action is obfuscated; once deobfuscated it reconstructs the string "document.info.title" at runtime and evaluates it, i.e. it pulls code or data out of the document's Title metadata rather than carrying it in the visible script. This pattern suggests the metadata field is used to hide the next stage, most likely a routine to download and execute a second-stage payload. The primary IOC is the ClamAV detection name.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
SHA-256: 608efed4fe9d8fcf682161e0cf6e9b292ad1d6112d94bf9bfcf1bb25ebc257bc
Kind: pdf-javascript-stream
Source: PDF /JS object 7 at offset 0xA88
Size: 346 bytes