Malicious PDF — malware analysis report

Static analysis result for SHA-256 b17c499a5cf3a36c…

Verdict: MALICIOUS
File type: PDF
Size: 5.8 KB
Risk Score: 106

MD5: 7e53969d7f406eb827dad87cd6134edb
SHA-1: 1944185a70cd9769daa302afd26b0a9d44846d99
SHA-256: b17c499a5cf3a36c8c40f3fc40766cfc2d103cde67a55df1ffdb6d7c5b762de8

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious JavaScript

The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. Heuristics indicate the presence of embedded JavaScript, which is often used to download and execute further malicious payloads. The ML classifier's output of 0.999934 strongly supports the malicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7294162-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7294162-0
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.