Malicious PDF — malware analysis report

Static analysis result for SHA-256 7d93bc98141a1638…

MALICIOUS

PDF

62.2 KB
MD5: 98cabf018b9edb6500ad967d90f7fad7
SHA-1: e715866d6074d5bc1f7c095acb4c6a180351f6e4
SHA-256: 7d93bc98141a163859b2f78042b08ab43c3143d7fe511079fa3c566a12541ddd
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings and a high ML classifier score. ClamAV also detected it as Pdf.Exploit.Agent-36388. The embedded JavaScript is likely used to exploit a PDF vulnerability for client execution, and the file was likely delivered as a spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36388 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36388
  • JavaScript action [low] [PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] [PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.