Malicious PDF — malware analysis report

Static analysis result for SHA-256 9fc0bd3f6fe63a3a…

Verdict: MALICIOUS

File type: PDF

Size: 2.6 KB
Created: 2008-31-20 53:85:00
Authoring application: aaaaaaaa

MD5: b223c7b5574adc11a7354c48d93287e2
SHA-1: 7ed80d90c8c63465ea65e3b4a6bdbefa145a5e2b
SHA-256: 9fc0bd3f6fe63a3aa73cc032ab726a53845a447b99e6731527df817928ffab93

Risk Score: 108

Malware Insights

The PDF file was flagged as malicious by a machine learning classifier and by ClamAV, whose signature name indicates an exploit. A JavaScript stream was extracted from the document, which is consistent with an attempt to run code inside the PDF reader. The ML classifier's maximum-confidence score together with the ClamAV detection strongly support the malicious verdict, and the embedded JavaScript points towards an attempt to execute arbitrary code, most likely as part of an exploit.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • ClamAV: Pdf.Exploit.Agent-36014 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36014
  • JavaScript action [low] (PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] (PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Suspicious extracted artifact [info] (EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0013_001.js
    SHA-256: 26a454774915a5c60d11ec7e1d163538a6cb6ef6565b43b5ec7e7bd8fcaf69cc
    Kind: pdf-javascript-stream
    Source: PDF /JS object 13 at offset 0x328
    Size: 4003 bytes
    Detection: ClamAV: No threats found
    Obfuscation or payload: likely (carved artifact contains 6 eval/decoder/string-building token(s))