PDF malware analysis — malicious · 8f5fe88f82302be0

MALICIOUS

PDF

12.5 KB

MD5: e907016749329496b554bcd85ebf2ebf SHA-1: 0a27256a5a6c8221925177ade76bb75e22d2469c SHA-256: 8f5fe88f82302be00cf5148d53abd7a5db8d14fdab084e9eb8374e292de7423a

108 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file was flagged as malicious by a machine learning classifier and ClamAV, indicating it contains an exploit. Embedded JavaScript was detected, which is commonly used in malicious PDFs to execute arbitrary code or download further payloads. The specific ClamAV detection name 'Pdf.Exploit.Agent-36723' suggests a known exploit pattern within the PDF structure.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36723 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36723
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `7af7d35cecff198657912b9cc38dde86dc501413f713d8e9d510deae430a68d6`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11675 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.