PDF malware analysis — malicious · a5707ff27b25d332

MALICIOUS

PDF

25.1 KB Created: 2011-72-51 03:25:00

MD5: d15c3924bf55f890eaedc330de247577 SHA-1: 3b408470c4df87703dcaf1eb3aa6166e2fdeee76 SHA-256: a5707ff27b25d332c1c3275b77e28803b676543cb683320fca4503fa02d7b1bb

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file was flagged as malicious by ClamAV and a machine learning classifier, indicating it contains an exploit. Heuristics indicate the presence of embedded JavaScript, which is likely used to execute malicious code. The specific exploit and its payload are not detailed, but the presence of JavaScript points to an attack pattern involving code execution within the PDF viewer.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36199 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36199
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0001_000.js` `d114e5d7825f81ad1e070073fb986365f644318874685b02d53dc636cdde1ae6`	pdf-javascript-stream	PDF /JS object 1 at offset 0x6201	443 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.