PDF malware analysis — malicious · 69c1362c8303d65b

MALICIOUS

PDF

41.1 KB

MD5: c29eb5c9fb63c88644dff6412ca7fe33 SHA-1: 1b0c7748358e2516b8ed0dff874190f85fe3b164 SHA-256: 69c1362c8303d65b789c6f2fa99423a5bf19294ecdd602fb4a3533c0a4364d73

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics and a critical ClamAV detection (Pdf.Exploit.Agent-36388). The ML classifier also strongly indicates maliciousness. The embedded JavaScript is likely used to exploit a client-side vulnerability for code execution, a common technique for malicious PDFs.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36388 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.