Malicious PDF — malware analysis report

Static analysis result for SHA-256 68d14875af47fbb1…

Verdict: MALICIOUS
File type: PDF
Size: 3.3 KB
MD5: 16ffd1c208adf0e0b6fbec30c60d6de8
SHA-1: 469cba089bef3563d25381d49e19388c8bcf0c7b
SHA-256: 68d14875af47fbb1475a1b8a01cc6635325d213992f898050ec845369ba489ac
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution

This PDF file was flagged as malicious by ML classifiers and ClamAV, indicating it contains an exploit. The embedded JavaScript attempts to extract characters from the PDF's title property and then execute them. This is a common technique for exploiting PDF vulnerabilities to achieve arbitrary code execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0007_000.js
    SHA-256: f81fd35fcf68a0f986f5bbe8b8f448e3371c3bb9047f0054281122e89c012974
    Kind: pdf-javascript-stream
    Source: PDF /JS object 7 at offset 0xA88
    Size: 284 bytes