PDF malware analysis — malicious · c1be5a525709a6de

MALICIOUS

PDF

10.4 KB

MD5: 3230789230cb0bc5e66bab2fa591dccb SHA-1: d379d336bb2088b4042ab71a78c4da0a8ce79b73 SHA-256: c1be5a525709a6dea7cff2f6c62b315828c81d438d0484098b910b7a653ac9c4

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF containing embedded JavaScript, as indicated by multiple heuristic firings and the presence of a javascript_obj0018_000.js artifact. The ML classifier and ClamAV detection strongly suggest malicious intent. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to execute arbitrary code, leading to the detection of 'Pdf.Exploit.Agent-21372'. The document body contains garbled text and what appears to be a list of words, which does not provide a clear lure but the technical indicators are strong.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-21372 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-21372
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0018_000.js` `18849879bfcc18ec9de5e54eb51ede905ca1ac778d85a7e125b6c1152273d386`	pdf-javascript-stream	PDF /JS object 18 at offset 0x2367	2174 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.