Malicious PDF — malware analysis report

Static analysis result for SHA-256 723d3abe2d92419f…

MALICIOUS

PDF

3.3 KB
MD5: 7e3f4441785248e4f1b1a9ce2c6a6cd6 SHA-1: 3d85e195d7ea4837eaae7d9680d4f883992ea983 SHA-256: 723d3abe2d92419f233b34f9f841329c68825ddb60ce7dc56d38faebf5da60ad
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically detecting an exploit. Embedded JavaScript was extracted, which appears to be designed to execute a command based on the document's title. This JavaScript likely serves to download and execute a secondary payload, a common technique for initial compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0007_000.js
9ba7590a22a1179ee11ed1072ab81d02e9122ef60fa527b504b614607836ba3e		 pdf-javascript-stream PDF /JS object 7 at offset 0xA84 338 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.