Malicious PDF — malware analysis report

Static analysis result for SHA-256 c28e4f149a0ee6ce…

Verdict: MALICIOUS
File type: PDF
Size: 12.2 KB
MD5: b436fa371155c8351f0b62b5a4f89eed
SHA-1: 9702325f0562279bc5aa420807c26ad565cbf116
SHA-256: c28e4f149a0ee6cea387bbf5e89d4144fc4af0cc9dfffd8083d8a12340119f68
Risk score: 106

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File (embedded JavaScript)

The PDF was flagged by ClamAV as Pdf.Exploit.Agent-36723 and scored 1.0000 (malicious) by the Nyx PDF classifier. It carries an embedded JavaScript action (a /JavaScript action backed by a /JS stream in object 76), which is the only execution mechanism this static pass identified. JavaScript inside a PDF is typically used either to exploit a vulnerability in the PDF reader or to fetch and run a second-stage payload. Note that this static report carves the script (11350 bytes) but lists no URLs or dropped files, so any download-and-execute behaviour is inferred from the presence of the script rather than observed; the extracted javascript_obj0076_000.js is the artifact to examine next, since JavaScript on its own is also common in benign forms.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36723 (severity: critical, rule CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36723.
  • JavaScript action (severity: low, rule PDF_JAVASCRIPT)
    The PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule PDF_JS)
    The PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: 4f8e8a4c22802b0cf5b9483e2d4ea7eca52ea29e9cc312489af8d27f3b930508
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x369
Size: 11350 bytes
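As an added example, not code or rules from the analysis service that produced this report, the following Python script shows what the PDF_JAVASCRIPT and PDF_JS heuristics above look at and how an artifact such as javascript_obj0076_000.js is carved. It walks the objects of a PDF, flags /JavaScript actions and /JS entries, resolves the /JS value whether it is an indirect stream reference, a literal string (including octal escapes) or a hex string, inflates FlateDecode streams (tolerating truncation), and reports object number, byte offset, size and SHA-256 for each carved script. It goes beyond the report in two labelled places: it also flags /OpenAction and /AA auto-execution triggers, and it matches a short illustrative list of Acrobat JavaScript APIs. The sample PDF it runs against is constructed inline and is not the analysed file; every name in the code is the example's own.

```python
import hashlib
import re
import zlib

# Constructed sample (not the analysed file): /OpenAction points at a /JavaScript
# action whose /JS code is held in a FlateDecode'd stream object.
JS_SOURCE = b'app.alert("constructed sample"); this.getURL("http://example.invalid/");'

def build_sample_pdf(js_source=JS_SOURCE):
    compressed = zlib.compress(js_source)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /Type /Action /S /JavaScript /JS 5 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(compressed)
        + compressed + b"\nendstream",
    ]
    pdf = b"%PDF-1.7\n"
    for num, body in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")              # /JS 5 0 R
JS_LIT_RE = re.compile(rb"/JS\s*\((.*?)(?<!\\)\)", re.DOTALL)  # /JS (code)
JS_HEX_RE = re.compile(rb"/JS\s*<([0-9A-Fa-f\s]*)>")           # /JS <636f6465>
# Acrobat JS APIs worth a second look. Illustrative list, not the report's own rules.
SUSPICIOUS_APIS = [b"app.launchURL", b"getURL", b"exportDataObject",
                   b"submitForm", b"util.printf", b"unescape(", b"eval("]

def decode_stream(body):
    m = STREAM_RE.search(body)
    if not m:
        return None
    raw = m.group(1)
    if b"/FlateDecode" not in body[: m.start()]:
        return raw
    try:
        return zlib.decompressobj().decompress(raw)  # tolerates a truncated stream
    except zlib.error:
        return raw  # corrupt filter data: hand the raw bytes to the analyst

def unescape_literal(s):
    # Undo PDF literal-string escapes: \n \r \t, \( \) \\ and octal \ddd.
    out, i = bytearray(), 0
    while i < len(s):
        if s[i:i + 1] != b"\\" or i + 1 == len(s):
            out += s[i:i + 1]
            i += 1
            continue
        nxt, i = s[i + 1:i + 2], i + 2
        if nxt in b"01234567":  # up to three octal digits
            while len(nxt) < 3 and i < len(s) and s[i:i + 1] in b"01234567":
                nxt, i = nxt + s[i:i + 1], i + 1
            out.append(int(nxt, 8) & 0xFF)
        else:
            out += {b"n": b"\n", b"r": b"\r", b"t": b"\t"}.get(nxt, nxt)
    return bytes(out)

def carve_javascript(pdf):
    """Return (heuristic flags, carved JS artifacts) for a PDF given as bytes."""
    objects = {int(m.group(1)): (m.start(), m.group(2)) for m in OBJ_RE.finditer(pdf)}
    flags, artifacts = set(), []
    if re.search(rb"/OpenAction\b|/AA\b", pdf):
        flags.add("PDF_AUTO_ACTION")  # fires without a click; not a rule named in the report
    for num, (off, body) in objects.items():
        dictionary = body.split(b"stream", 1)[0]  # dictionary only, not stream data
        if b"/JavaScript" in dictionary:
            flags.add("PDF_JAVASCRIPT")
        if not re.search(rb"/JS\b", dictionary):
            continue
        flags.add("PDF_JS")
        sources = []  # (object holding the code, its offset, code bytes)
        ref = JS_REF_RE.search(dictionary)
        if ref and int(ref.group(1)) in objects:
            target = int(ref.group(1))
            sources.append((target, objects[target][0], decode_stream(objects[target][1])))
        lit = JS_LIT_RE.search(dictionary)
        if lit:
            sources.append((num, off, unescape_literal(lit.group(1))))
        hx = JS_HEX_RE.search(dictionary)
        if hx:  # PDF pads an odd final hex digit with 0
            digits = re.sub(rb"\s", b"", hx.group(1))
            sources.append((num, off, bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode())))
        for src_obj, src_off, code in sources:
            if code is None:
                continue
            index = sum(1 for a in artifacts if a["object"] == src_obj)
            artifacts.append({
                "filename": "javascript_obj%04d_%03d.js" % (src_obj, index),
                "object": src_obj, "offset": src_off, "size": len(code),
                "sha256": hashlib.sha256(code).hexdigest(),
                "suspicious_apis": [a.decode() for a in SUSPICIOUS_APIS if a in code],
            })
    return flags, artifacts

if __name__ == "__main__":
    print(carve_javascript(build_sample_pdf()))
```

The regex walk deliberately ignores the cross-reference table and works on raw bytes, because malicious PDFs routinely ship with a broken or missing xref so that naive parsers give up; for the same reason the object-stream (/ObjStm) and other filter cases are left out here, which is exactly why a sample with a clean xref and plain FlateDecode, like the one above, is the easy case.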