Malicious PDF — malware analysis report

Static analysis result for SHA-256 7b244fa50ee481f9…

Verdict: MALICIOUS
File type: PDF
Size: 3.2 KB
MD5: ef6bd234ffd8cbe496907fbe70a67c63
SHA-1: e49604f0f29b5b5d7b5da7d8e379eeee99d06fc5
SHA-256: 7b244fa50ee481f96e1e9070a97ea8c6e47493659aecc5cefca97375a32168c8
Risk score: 106

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell

The PDF was flagged as malicious by both ClamAV (signature Pdf.Exploit.Agent-36121) and the Nyx ML classifier (score 0.9999); the signature family name indicates an exploit-style PDF rather than a plain phishing lure. The file carries a /JavaScript action and an embedded /JS stream, the usual vehicle in malicious PDFs for triggering a reader vulnerability and then downloading or executing a further payload. Both JavaScript heuristics are scored low on their own because generic JavaScript is common in benign forms, and because the sample has no readable document body the specific exploit and payload delivery mechanism cannot be determined from these heuristics alone. None of the listed heuristics shows PowerShell, so the T1059.001 mapping should be confirmed by inspecting the 436-byte script carved from object 7 before it is relied on.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121.
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
SHA-256:  5f9c9382234559ad35103f6b7197b7a3fe5a4965b36c43180d4ff8c9d232b682
Kind:     pdf-javascript-stream
Source:   PDF /JS object 7 at offset 0x9C8
Size:     436 bytes
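To reproduce the two JavaScript heuristics and the carve of the /JS stream from object 7 on your own copy of a sample, the script below (an added example, not part of the analysis platform's report or toolchain) walks the PDF's "N G obj ... endobj" spans, follows each /JavaScript action's /JS entry to either an inline literal string or an indirect stream object, inflates FlateDecode streams, and records object number, offset, size and SHA-256 the way the artifact table does. It is deliberately small: no xref parsing, object streams, encryption, filter chains or hex-string JS, so treat it as a triage aid and hand anything evasive to a full parser. The PDF it runs on by default is constructed in build_sample_pdf(), and the SUSPICIOUS_APIS watch-list is an illustrative assumption, not the vendor's scoring rules.

```python
import hashlib
import re
import sys
import zlib

# "N G obj ... endobj" spans. Simple on purpose: binary stream data that happens
# to contain "endobj" would confuse it (real parsers use the xref table).
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")       # /JS 7 0 R
JS_LIT_RE = re.compile(rb"/JS\s*\((.*)\)", re.S)        # /JS (app.alert\(1\))

# Illustrative watch-list (an assumption here, not the report's rule set):
# Acrobat JS APIs that turn up far more often in exploit code than in forms.
SUSPICIOUS_APIS = (b"unescape", b"util.printf", b"app.launchURL",
                   b"exportDataObject", b"Collab.", b"media.newPlayer")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def index_objects(pdf):
    """Map object number -> (byte offset of 'N G obj', body up to 'endobj')."""
    return {int(m.group(1)): (m.start(), m.group(3)) for m in OBJ_RE.finditer(pdf)}


def carve_stream(body):
    """Return one object's stream payload (inflated if /FlateDecode), else None.
    Slices by a direct /Length instead of scanning for 'endstream', so binary
    data that ends in CR/LF bytes is not truncated."""
    start = re.search(rb"stream\r?\n", body)
    length = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", body)
    if start is None or length is None:
        return None
    raw = body[start.end():start.end() + int(length.group(1))]
    return zlib.decompress(raw) if b"/FlateDecode" in body else raw


def unescape_literal(s):
    """Undo the PDF literal-string escapes for parentheses and backslashes."""
    return re.sub(rb"\\([()\\])", rb"\1", s)


def find_javascript(pdf):
    """One record per /JavaScript action: which object triggers it, where the
    script lives, and what it contains (same fields as the artifact table)."""
    objs = index_objects(pdf)
    findings = []
    for num, (offset, body) in sorted(objs.items()):
        if b"/JavaScript" not in body:
            continue
        ref = JS_REF_RE.search(body)
        if ref:                                   # /JS -> indirect stream object
            js_num = int(ref.group(1))
            if js_num not in objs:
                continue
            js_offset, js_body = objs[js_num]
            script, source = carve_stream(js_body), "stream"
        else:                                     # /JS -> inline literal string
            lit = JS_LIT_RE.search(body)
            if lit is None:
                continue
            js_num, js_offset = num, offset
            script, source = unescape_literal(lit.group(1)), "inline"
        if script is None:
            continue
        findings.append({
            "action_obj": num, "js_obj": js_num, "offset": js_offset,
            "source": source, "size": len(script), "sha256": sha256_hex(script),
            "script": script,
            "suspicious": [a.decode() for a in SUSPICIOUS_APIS if a in script],
        })
    return findings


def build_sample_pdf():
    """Constructed test input: a minimal PDF whose /OpenAction runs JS from a
    FlateDecode stream (object 7) plus a page-open action with inline JS (object 8)."""
    script = b'var sc = unescape("%u9090%u9090"); app.alert("opened");'
    deflated = zlib.compress(script)
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /AA << /O 8 0 R >> >>\nendobj\n",
        b"5 0 obj\n<< /S /JavaScript /JS 7 0 R >>\nendobj\n",
        b"7 0 obj\n<< /Length " + str(len(deflated)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + deflated + b"\nendstream\nendobj\n",
        b"8 0 obj\n<< /S /JavaScript /JS (app.alert\\(1\\);) >>\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pdf()
    for f in find_javascript(data):
        print(f"action obj {f['action_obj']}: /JS {f['source']} in obj {f['js_obj']} "
              f"at offset 0x{f['offset']:X}, {f['size']} bytes, sha256 {f['sha256'][:16]}...")
        print(f"  suspicious APIs: {f['suspicious'] or 'none'}")
        print("  " + f["script"].decode("latin-1")[:200])
```

Run it with a path argument to carve a real sample; without one it analyses the constructed PDF. On a real sample the carved bytes, not the PDF, are what to hash and compare against the artifact table, and a script that resolves to a stream with unknown filters or an indirect /Length is exactly the case this triage script skips and a full parser must handle.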