Malicious PDF — malware analysis report

Static analysis result for SHA-256 713d14154b756646…

MALICIOUS

PDF

3.3 KB
MD5:     8210cf221aaff10ad7638116491407f1
SHA-1:   eb7ff6733ed6671144bcf420952814a1c6e2bcc1
SHA-256: 713d14154b756646dd37717beaf4b811bc9b611561a056e5769a8c54c68d059d

Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, identified by heuristics and a critical ClamAV detection for 'Pdf.Exploit.Agent-36121'. The JavaScript code appears to be obfuscated but is designed to extract data from the PDF's title field and then execute it. This strongly suggests the script is intended to download and execute a secondary malicious payload, a common technique for exploiting PDF vulnerabilities. The ML classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename                   Kind                    Source                              Size
javascript_obj0007_000.js  pdf-javascript-stream   PDF /JS object 7 at offset 0xA88    354 bytes
  SHA-256: de4bd7ebbabf96d3bd164f478a6d3cbd167562ffdf40c73cb43fa0d3c1bff524