Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a748fdc7642265b…

MALICIOUS

PDF

Size: 16.2 KB
Created: 2010-03-05 15:19:50
Authoring application: Laxiwoveja
MD5: 050ea19a9178955e2e1fb925048ac220
SHA-1: 766488424fe5ee0fed107c546c4a40140e192a92
SHA-256: 7a748fdc7642265b25743a9ec7533fc64af16bd4cb3d1e10b5a15a28231b7844
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Phishing: Spearphishing Attachment

The file is a 16.2 KB PDF carrying an embedded JavaScript stream (object 22). ClamAV matches it as Pdf.Exploit.Agent-36066, the PDF_JAVASCRIPT and PDF_JS heuristics fire, and the Nyx PDF classifier scores it 1.0000, so the verdict is malicious. The embedded JavaScript is the likely exploitation mechanism: in PDFs of this kind it triggers a reader vulnerability and then downloads or drops further malicious content. Neither the specific exploit nor the payload was identified during static analysis, so the family is unknown; the ClamAV "Agent" name is a generic detection and does not identify the family either. The carved JavaScript artifact is 971,255 bytes, far larger than the 16.2 KB file, so the stream is compressed and its decoded content is highly repetitive, which is consistent with the padding or spray strings exploit JavaScript commonly carries, although the carved script itself would have to be read to confirm that.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36066 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36066
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0022_000.js
SHA-256: 22e7b9b95199cc294a88baec03e968aa698abb89fdbf202e98b946c7b2639771
Kind: pdf-javascript-stream
Source: PDF /JS object 22 at offset 0x30AF
Size: 971255 bytes
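What the two JavaScript heuristics and the artifact row above correspond to in code, as an added example that is not part of this report or of the engine that produced it: a Python triage script that scans a PDF's raw bytes for /JavaScript and /JS (normalising #xx name escapes first so the check cannot be dodged), adds an auto-run check, follows the /JS indirect reference to its stream object, honours a direct /Length, inflates FlateDecode (tolerating a truncated zlib stream), and emits a record in the same shape as the artifact row. The PDF bytes, the stand-in script and the indicator list are constructed for the example; the rule name PDF_AUTO_ACTION and the indicator names are mine, not the engine's.

```python
import hashlib
import re
import zlib

# Constructed sample, NOT the analysed file: the catalog's /OpenAction runs a /JavaScript
# action (object 21) whose /JS points at a FlateDecode stream (object 22). The stand-in
# script has the shape these rules look for (%u-escaped bytes, a doubling loop that builds
# a spray string) but exploits nothing by itself.
JS_PAYLOAD = (
    b"var sc = unescape('%u9090%u9090%uCCCC');\n"
    b"var pad = unescape('%u0c0c%u0c0c');\n"
    b"while (pad.length < 0x40000) pad += pad;\n"
    b"var spray = []; for (var i = 0; i < 200; i++) spray[i] = pad + sc;\n"
)
COMPRESSED = zlib.compress(JS_PAYLOAD)
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 21 0 R >>\nendobj\n",
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n",
    b"21 0 obj\n<< /S /JavaScript /JS 22 0 R >>\nendobj\n",
    b"22 0 obj\n<< /Length " + str(len(COMPRESSED)).encode() + b" /Filter /FlateDecode >>\n",
    b"stream\n" + COMPRESSED + b"\nendstream\nendobj\n",
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
])

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_START_RE = re.compile(rb"stream\r?\n")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?=\s*(?:/|>>))")  # direct /Length only, not "N 0 R"
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")           # /JS as an indirect reference
# Illustrative "dangerous API" indicators (my names), weighted only once the code is carved.
JS_INDICATORS = {
    "shellcode_unescape": re.compile(rb"unescape\s*\(\s*['\"]%u[0-9a-fA-F]{4}"),
    "heap_spray_loop": re.compile(rb"while\s*\([^)]*\.length\s*<\s*0x[0-9a-fA-F]+"),
    "util.printf": re.compile(rb"util\.printf"),
}

def normalize_names(data):
    # Undo #xx escapes in names (/J#53 -> /JS) so keyword rules cannot be dodged.
    # Matching only: lengths change, so never take carve offsets from the normalized bytes.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def heuristics(data):
    # The report's two low-severity rules, plus an auto-run check: JavaScript that nothing
    # invokes matters far less than JavaScript wired to /OpenAction or /AA.
    text = normalize_names(data)
    rules = [(rb"/JavaScript\b", "PDF_JAVASCRIPT"), (rb"/JS\b", "PDF_JS"),
             (rb"/(?:OpenAction|AA)\b", "PDF_AUTO_ACTION")]
    return [name for rx, name in rules if re.search(rx, text)]

def find_objects(data):
    # (object number, file offset, body) per top-level "N G obj ... endobj".
    # Objects packed inside /ObjStm object streams are invisible to this pass.
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), m.start(), m.group(3)

def decode_stream(body):
    # Stream data of one object body, inflated if /FlateDecode. A direct /Length is trusted,
    # else read up to "endstream"; a truncated zlib stream is inflated as far as it goes.
    m = STREAM_START_RE.search(body)
    if not m:
        return None
    dict_part, start = body[:m.start()], m.end()
    lm = LENGTH_RE.search(dict_part)
    if lm:
        raw = body[start:start + int(lm.group(1))]
    else:
        end = body.find(b"endstream", start)
        raw = body[start:end if end != -1 else len(body)].rstrip(b"\r\n")
    if not re.search(rb"/FlateDecode\b", dict_part):
        return raw  # other filters (LZW, ASCIIHex, ...) are left to the caller
    try:
        return zlib.decompress(raw)
    except zlib.error:
        return zlib.decompressobj().decompress(raw)

def make_artifact(js, objnum, offset, source):
    # One record in the shape of the report's "Extracted artifacts" row.
    return {
        "filename": f"javascript_obj{objnum:04d}_000.js",
        "sha256": hashlib.sha256(js).hexdigest(),
        "kind": "pdf-javascript-stream",
        "source": f"{source} {objnum} at offset 0x{offset:X}",
        "size": len(js),
        "indicators": sorted(n for n, rx in JS_INDICATORS.items() if rx.search(js)),
        "content": js,
    }

def carve_javascript(data):
    # Follow every /JS indirect reference to its stream object and decode it.
    objects = {n: (off, body) for n, off, body in find_objects(data)}
    artifacts = []
    for body in (b for _, b in objects.values()):
        for m in JS_REF_RE.finditer(body):
            target = int(m.group(1))
            js = decode_stream(objects[target][1]) if target in objects else None
            if js is not None:
                artifacts.append(make_artifact(js, target, objects[target][0], "PDF /JS object"))
    return artifacts
```

To run it on a real file, call `heuristics(data)` and `carve_javascript(data)` on `open(path, "rb").read()`, then read the `content` of each artifact before trusting any indicator. Known gaps before trusting a negative result: objects inside /ObjStm object streams, /JS given as an inline literal string rather than a reference, and filters other than FlateDecode are not handled here, so a clean run from this script is not evidence of a clean file.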