PDF malware analysis — malicious · b152190f227e4c9b

MALICIOUS

PDF

3.2 KB

MD5: fbcd430ab011ba32def3fa3cb87ae59e SHA-1: 8625fd23307a3ff56d461e65c997ff6b52d13963 SHA-256: b152190f227e4c9bbd7e03680a85983e7e31b51fa79bad8b76af6687ee59d646

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file was flagged by ClamAV as Pdf.Exploit.Agent-36121 and a machine learning classifier indicated a high probability of maliciousness. Embedded JavaScript was detected, which is commonly used in PDF exploits to download and execute further stages. The ML classifier's high confidence and the specific ClamAV signature suggest a known exploit pattern.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `af072ac1a7249379f217a58e715eb00c53c8b890eee4f4acd0c6b1187bfecacf`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9D8	468 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.