Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa6301a2e0a02586…

MALICIOUS

PDF

3.3 KB
MD5: 9987ca943f9b498866901c90ed847b2f SHA-1: 112a5f044f3f520d8eb1445d0d14bb6a99e23eb2 SHA-256: aa6301a2e0a025864e9828284dc95bb1a9c60dfa5a08eaf6ef515c576586b6a3
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Agent-36121' and a high ML classifier score. Embedded JavaScript was also detected, indicating an attempt to execute malicious code. The presence of JavaScript suggests the PDF is designed to exploit vulnerabilities and download or execute a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0007_000.js
1f2fee7632d896a9b897d729d4189ada29d193c7cdde9b1fe5a09363f9574129		 pdf-javascript-stream PDF /JS object 7 at offset 0xA87 352 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.