Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d4a74a4fd7d724e…

MALICIOUS

PDF

5.0 KB
MD5: 18b9d2518fc64ebaacef69c322cbd95d SHA-1: 2a73a51b99de6aa817a6c5b7bfc0d6fcc5922083 SHA-256: 6d4a74a4fd7d724eb3b9dd6800188bb567216457a5e902d9aa5175b526f58e0e
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings. The ML classifier and ClamAV detection strongly suggest malicious intent, likely involving exploitation of a PDF vulnerability to execute the JavaScript payload. No specific malware family could be identified.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-21825 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-21825
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.