Malicious PDF — malware analysis report

Static analysis result for SHA-256 75fd52c3ec4e8da0…

MALICIOUS

PDF

3.3 KB
MD5: bb3d9b42a925474452a4c9bce3ac9e31 SHA-1: d1b613b9cdce019c9cbcc7fd6dc8317db32724c8 SHA-256: 75fd52c3ec4e8da0ddf96a81f0fb764d0a3d8361bd6fad5dddad22f41327bea6
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF file was detected as malicious by ClamAV with the signature Pdf.Exploit.Agent-36121. Static analysis revealed embedded JavaScript, indicating an attempt to exploit vulnerabilities within the PDF reader. The ML classifier also strongly flagged this PDF as malicious. The exact JavaScript payload could not be fully analyzed due to obfuscation, but its presence is a strong indicator of malicious intent, likely to download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0007_000.js
bcc851e5337d74c2a1bf738bc8e2af2f46760a1876f283c8efcf0747161a45dd		 pdf-javascript-stream PDF /JS object 7 at offset 0xA87 304 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.