Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d53ec7ceaac48a5…

Verdict: MALICIOUS

File type: PDF

Size: 2.3 KB

MD5: 115b6f7a5dfef9b59c2091c14f950b50
SHA-1: b86f112bb937978a511b5ab70491350b5aa26d06
SHA-256: 6d53ec7ceaac48a5ca8bfe8d049e57e0976ee785b6c9206775e76c7752a1e96e

Risk Score: 114

Malware Insights

MITRE ATT&CK

  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript and triggers additional actions, indicating an exploit attempt. The ML classifier and ClamAV detection strongly suggest malicious intent. The embedded JavaScript is likely responsible for downloading and executing a secondary payload, a common technique for initial compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV: Pdf.Exploit.Agent-35646 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-35646
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Additional-actions dictionary low PDF_AA
    PDF defines /AA (Additional Actions) that references an executable action (JS/JavaScript/Launch/SubmitForm), which can auto-trigger on document or widget events. Form-field calc/format/validate/keystroke handlers in legitimate interactive forms commonly fire this, so it is reported as a low-weight signal; weaponised auto-execution is flagged by stronger rules (PDF_OPENACTION, encrypted-with-JS, etc.).