Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2568a9955213389…

Verdict: MALICIOUS
File type: PDF
Size: 12.4 KB
MD5: b8b8ab2e8aeb42d80d169f22277003f3
SHA-1: 44db533179d375fdf6fba68a9a878a4bd534907d
SHA-256: b2568a9955213389df6ef32714915e2726399734e16681831899992a1088cd07
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious File

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Agent-36723' and a high ML score. Embedded JavaScript streams were detected, indicating an attempt to execute malicious code. The primary attack pattern involves exploiting PDF vulnerabilities to run this embedded script, likely to download and execute further payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36723 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36723
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256:  91b6f74d27908db6f1773b46efc58c1df63c5ed4b2e7c5602083efbaaf3ef41e
Kind:     pdf-javascript-stream
Source:   PDF /JS object 76 at offset 0x369
Size:     11546 bytes