PDF malware analysis — malicious · 7e140b4d3d1269ed

MALICIOUS

PDF

22.6 KB

MD5: d13a750c1ff10a637fe4230abe0c67ba SHA-1: 434d9a95bda61fb816676c19aed6ed22fa0e8c93 SHA-256: 7e140b4d3d1269ed4571da09607fce99d22aaffa485ff55edb63aede97c982fb

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF contains embedded JavaScript, as indicated by the PDF_JAVASCRIPT heuristic. The ML classifier and ClamAV detection strongly suggest malicious intent, likely exploiting a vulnerability to execute this script. The script's exact function is obscured, but its presence is the primary indicator of malicious activity.

Machine Learning

Nyx PDF Classifier malicious score 0.9990

Heuristics 4

ClamAV: Pdf.Exploit.Agent-35606 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-35606
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://ns.adobe.com/xap/1.0/
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/mm/

Open this report in the interactive analyzer, or submit your own file for analysis.