Malicious PDF — malware analysis report

Static analysis result for SHA-256 91b153e21411e5cf…

MALICIOUS

PDF

3.2 KB
MD5: f767ca6a32906a7198b21f76037ccb53 SHA-1: 2f53618c160d310a88fcf3702411bdf0eec9473f SHA-256: 91b153e21411e5cfd9e43fde5a282efcb2b3307c88e6a5a6495ad83b6e5cfdea
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious Link

The file is a PDF containing embedded JavaScript, flagged by multiple heuristics including a high-confidence ML classifier and ClamAV detection as Pdf.Exploit.Agent-36121. The embedded JavaScript is likely responsible for executing the exploit, leading to the malicious verdict. The specific exploit and its payload could not be fully determined due to the nature of the embedded script.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0007_000.js
18a8ba2b554d562d3d29d9a5ff151dee2420a696538cf53b9cba49989d7d9f44		 pdf-javascript-stream PDF /JS object 7 at offset 0x9C4 417 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.