Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5abde2316234c75…

MALICIOUS

PDF

8.9 KB
MD5: 9e965e2984a4da27750c2a19e057e9d4
SHA-1: 0bc470f9dae365d1400cb48f02daf2fed55f6198
SHA-256: a5abde2316234c752463eb950c705ef00b60a2131b4530417ac85a6eaf5f6446
Risk Score: 130

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The PDF file was flagged as malicious by a machine learning classifier and ClamAV, specifically detected as Win.Exploit.Fnstenv_mov-1. A launch action heuristic indicates the PDF is configured to execute an embedded exploit, likely targeting a known vulnerability in PDF rendering engines.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 2

  • ClamAV: Win.Exploit.Fnstenv_mov-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Exploit.Fnstenv_mov-1
  • Launch action high PDF_LAUNCH
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous