Malicious PDF — malware analysis report

Static analysis result for SHA-256 c6da0cb708e6e845…

Verdict: MALICIOUS
File type: PDF
Size: 12.7 KB
MD5: acfcc66a66f6d7bfea05383868cfe65d
SHA-1: 603160178d9f67ec8677f27981860912122f715b
SHA-256: c6da0cb708e6e845643a1d61f323ce3eb6f968b8ff713bee50c3240dfb7660ed
Risk score: 106

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File (malicious JavaScript embedded in the document)

The file was flagged by three independent signals: the Nyx PDF classifier returned its maximum malicious score (1.0000), ClamAV matched the signature Win.Trojan.Agent-36281, and the PDF parser found both a /JavaScript action and a /JS stream. JavaScript by itself is weak evidence, since benign interactive forms use it routinely, which is why the two PDF heuristics are scored low; the malicious verdict rests on the ML and ClamAV hits. Win.Trojan.Agent-* is a generic ClamAV trojan label rather than an attribution to a named malware family, so it confirms the match but says little about what the payload does. The carved JavaScript stream (object 76, 11852 bytes) accounts for most of the 12.7 KB file, so payload analysis should start with that artifact, deobfuscated in an isolated environment rather than opened in a reader.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • ClamAV: Win.Trojan.Agent-36281 [severity: critical; rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Agent-36281.
  • JavaScript action [severity: low; rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low; rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256:  d30abfe9686e8e34443b1e8578960157e90710632e77cc57eaf57631fbc24a87
Kind:     pdf-javascript-stream
Source:   PDF /JS object 76 at offset 0x369
Size:     11852 bytes
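Added example, not code from this report, from Nyx or from ClamAV: a minimal Python carver that performs the two PDF checks listed under Heuristics (a /JavaScript action dictionary and a /JS value) and the carving step shown under Extracted artifacts, resolving each /JS value to script bytes and reporting object number, offset, size and SHA-256 in the same shape as the artifact row above. It assumes a flat-file PDF with objects in the clear (no object streams, no cross-reference parsing) and is run against a small constructed PDF built inside the script, not against the sample c6da0cb708e6e845…; the list of suspicious API names is an illustrative assumption, not the analyzer's rule set.

```python
"""Locate and carve JavaScript from a flat PDF for offline analysis.

Added example; not the report's or any named analyzer's code. Mirrors the
PDF_JAVASCRIPT / PDF_JS heuristics and the artifact carving: a /JS value
is resolved whether it is an inline literal, a hex string or a reference
to a stream object, which is inflated if /Filter /FlateDecode is declared.
Assumes objects are in the clear (no /ObjStm); no xref table is read.
"""
import hashlib
import re
import zlib

# "<num> <gen> obj ... endobj"; re.S lets the body span lines and binary data.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# /JS value: literal (...), hex <...>, or indirect reference "n g R".
JS_RE = re.compile(
    rb"/JS\s*(?:\((.*?)(?<!\\)\)|<([0-9A-Fa-f\s]*)>|(\d+)\s+\d+\s+R)", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

# Illustrative list (assumption) of Acrobat JS APIs and idioms that exploit
# documents lean on; the report's scorer rates such calls with separate rules.
SUSPICIOUS_APIS = (b"unescape(", b"eval(", b"util.printf", b"Collab.",
                   b"media.newPlayer", b"app.launchURL", b"exportDataObject")


def parse_objects(pdf: bytes) -> dict:
    """Map object number -> (file offset of the object header, body bytes)."""
    return {int(m.group(1)): (m.start(), m.group(3)) for m in OBJ_RE.finditer(pdf)}


def decode_stream(body: bytes) -> bytes:
    """Return a stream object's payload, inflated when /FlateDecode is declared."""
    m = STREAM_RE.search(body)
    if not m:
        return b""
    data = m.group(1)
    if b"/FlateDecode" in body:
        try:
            data = zlib.decompress(data)
        except zlib.error:
            pass  # keep the raw bytes; a corrupt stream is itself worth a look
    return data


def unescape_pdf_literal(s: bytes) -> bytes:
    """Resolve the common literal-string escapes \\( \\) \\n \\\\ (octal escapes not handled)."""
    return (s.replace(b"\\(", b"(").replace(b"\\)", b")")
             .replace(b"\\n", b"\n").replace(b"\\\\", b"\\"))


def carve_javascript(pdf: bytes) -> list:
    """Find every /JS value, resolve it to script bytes and describe it."""
    objs = parse_objects(pdf)
    findings = []
    for num, (offset, body) in sorted(objs.items()):
        for m in JS_RE.finditer(body):
            if m.group(3):                               # "n 0 R" -> stream object
                ref = int(m.group(3))
                src_off, src_body = objs.get(ref, (None, b""))
                js = decode_stream(src_body)
                source = (f"/JS object {ref} at offset {src_off:#x}" if src_off is not None
                          else f"/JS reference to missing object {ref}")
            elif m.group(2) is not None:                 # <hex string>
                h = re.sub(rb"\s", b"", m.group(2))
                js = bytes.fromhex((h + b"0" * (len(h) % 2)).decode())
                source = f"inline hex string in object {num} at offset {offset:#x}"
            else:                                        # (literal string)
                js = unescape_pdf_literal(m.group(1))
                source = f"inline literal in object {num} at offset {offset:#x}"
            findings.append({
                "object": num,
                "javascript_action": b"/JavaScript" in body,   # PDF_JAVASCRIPT signal
                "source": source,
                "size": len(js),
                "sha256": hashlib.sha256(js).hexdigest(),
                "suspicious_apis": sorted(a.decode() for a in SUSPICIOUS_APIS if a in js),
                "js": js,
            })
    return findings


def build_sample_pdf() -> bytes:
    """Constructed input, not the report's sample: an /OpenAction whose /JS is a
    Flate-compressed stream, plus a page /AA with an inline /JS literal."""
    payload = (b'var p = unescape("%u4141%u4141");\n'
               b'app.alert("constructed sample, no exploit here");\n')
    comp = zlib.compress(payload)
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
        b"/OpenAction << /S /JavaScript /JS 4 0 R >> >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R "
        b"/AA << /O << /S /JavaScript /JS (app.alert\\(1\\)) >> >> >>\nendobj\n",
        b"4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp)
        + comp + b"\nendstream\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    for f in carve_javascript(build_sample_pdf()):
        print(f"obj {f['object']}: {f['source']}, {f['size']} bytes, "
              f"sha256 {f['sha256'][:16]}..., apis {f['suspicious_apis']}")
        print("   ", f["js"][:80])
```

Real samples routinely defeat a regex carver of this kind: the /JS value may sit inside an object stream (/ObjStm), be split across several string objects, or use filters other than FlateDecode, so for anything beyond triage use an xref-aware parser such as Didier Stevens' pdf-parser.py and treat a failure to carve as a reason to look harder, not as a clean result.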