Malicious PDF — malware analysis report

Static analysis result for SHA-256 e59134d0ff3edde9…

MALICIOUS

PDF

12.8 KB
MD5: ab0f00fc83ea029d4bea1fc43048cb94 SHA-1: 84fcf99238b3bbf0a7f3b701e60a64a5734a0cff SHA-256: e59134d0ff3edde90608c29dce82b8e86226eb47a1a33e3096de6bf440715799
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF containing embedded JavaScript, flagged by multiple heuristics and ClamAV as malicious (Pdf.Exploit.Agent-22577). The ML classifier also strongly indicates maliciousness. The embedded JavaScript is the primary mechanism for exploitation, likely leading to the download and execution of a further stage. The specific exploit used is not detailed in the provided evidence, but the presence of JavaScript points to a common delivery method for malware.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-22577 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-22577
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0020_000.js
af701efb1d43e0e8e5a6fa3dd7d2c71a63a43ed738a784db928607d66182d301		 pdf-javascript-stream PDF /JS object 20 at offset 0x2D24 1206 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.