Malicious PDF — malware analysis report

Static analysis result for SHA-256 dfc4ae337df22dd6…

MALICIOUS

PDF

12.6 KB
MD5: 364f0eb028b06651b8112c0623b9129e SHA-1: 25cd863220ccbb6bf4cff2d46af3a4d8d190b7d8 SHA-256: dfc4ae337df22dd66011a046c5ba1a0acc9ddcb924d0aac7154fa8f40dd4a8eb
106 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The PDF contains embedded JavaScript, which is a common technique for exploiting vulnerabilities in PDF readers. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded JavaScript is likely responsible for delivering a secondary payload or exploiting a known vulnerability.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36723 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36723
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
215fba3effef5c979b61ccc1a4f3ea91cb1d95a60e62963a07683e0c82dec7e5		 pdf-javascript-stream PDF /JS object 76 at offset 0x369 11794 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.