PDF malware analysis — malicious · bb9d2601adb61ed7

MALICIOUS

PDF

4.4 KB

MD5: 055d7e7369bcb6681d4b3d0e5cddd00c SHA-1: ec450482abc5af69ae49072b738cb70fa4eaf874 SHA-256: bb9d2601adb61ed7b87f0c9ff61fc28e2c87a58d971c50e659fadaabca7d74f6

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file was flagged by ClamAV as Pdf.Exploit.Agent-36898 and a machine learning classifier indicated a high probability of maliciousness. Embedded JavaScript was detected, suggesting an attempt to exploit a vulnerability within the PDF reader to execute arbitrary code. The exact payload or further actions are not discernible from the provided evidence, but the presence of exploit-related heuristics points to a malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36898 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36898
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0020_000.js` `0c031c1f45088f74a0eb9f4cfb21a21d112dd542e0a303d15282c83c41102d03`	pdf-javascript-stream	PDF /JS object 20 at offset 0xE09	289 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.