Malicious PDF — malware analysis report

Static analysis result for SHA-256 64044cce9cb96474…

MALICIOUS

PDF

8.9 KB
MD5: 4548215e439fec94ff0ca6d60267f898
SHA-1: 242e266dba01d3772326e14aeae439cfdba437a0
SHA-256: 64044cce9cb964743d053252dff65ca8974a2ff9bc84ab0ec86c41d1b63def7a
130 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is a PDF document flagged by multiple detection engines, including ClamAV with a specific exploit name (Win.Exploit.Fnstenv_mov-1). Static analysis identified a launch action, indicating an attempt to execute code upon opening. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (2)

  • ClamAV: Win.Exploit.Fnstenv_mov-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Exploit.Fnstenv_mov-1
  • Launch action (high, PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target; treat as potentially dangerous