Malicious PDF — malware analysis report

Static analysis result for SHA-256 c1c13992eb049928…

MALICIOUS

PDF

Size: 14.0 KB
First seen: 2021-05-04
MD5: 0536f357eba2723e548387ef1ae6a020
SHA-1: 57c6b93fa2acb1bf86d2bc2b9696754c4a211282
SHA-256: c1c13992eb049928e1e4caa59fbf24c52270885a01f44284f3faef25f5f87040
Risk Score: 138

Machine Learning

  • Nyx PDF Classifier malicious score 0.9746

Heuristics (3)

  • Malformed JPEG2000/JP2 box structure (severity: high; CVE related) [PDF_JP2_BOX_ANOMALY]
    PDF embeds JPEG2000/JP2 data with malformed box sizes. This is a parser-exploit indicator for JPX/JPEG2000 CVE families, not a unique CVE fingerprint.
  • ClamAV: Win.Exploit.CVE_2018_4990-6599478-0 (severity: critical) [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Exploit.CVE_2018_4990-6599478-0.
  • AcroForm button with action trigger (severity: low) [PDF_ACROFORM_BUTTON]
    PDF contains a /Btn form field together with a SubmitForm/URI/Launch/JS trigger — this is the building block of fake 'Download' or 'Open' button overlays used in PDF phishing lures.