Malicious PDF — malware analysis report

Static analysis result for SHA-256 dc337b74d163ee73…

MALICIOUS

PDF

3.3 KB
MD5: 05dd9b97a6fc910db0621213f23ee2e2
SHA-1: f26bfa5f4b8a06ff85daa86a56f3de239065066e
SHA-256: dc337b74d163ee73465cba70f7e36e15f9b01b712add39fb0639bc4319b0eef8
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious JavaScript

The PDF contains embedded JavaScript, indicated by multiple heuristic firings and the presence of an embedded JS stream. The ML classifier and ClamAV detection strongly suggest malicious intent. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to execute arbitrary code, as suggested by the 'Pdf.Exploit.Agent-36121' ClamAV signature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
          c483f76f38b8009cb1737f000cdd15d5a835f121daa1278d447f4a0331df69b3
Kind: pdf-javascript-stream
Source: PDF /JS object 7 at offset 0xA87
Size: 343 bytes