Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6dfbc7b65f3ed43…

MALICIOUS

PDF

3.3 KB
MD5: b9052ea0d14f9220206b08e185d1f080
SHA-1: c22bc787ac77bc3867e9b9aaaa7b4e61a8ff3142
SHA-256: e6dfbc7b65f3ed432eea6e7210e4fd8d52c58f0ff9b68308336c87135ae2c783
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file was flagged as malicious by a machine learning classifier and ClamAV, indicating it contains an exploit. Heuristics indicate the presence of embedded JavaScript, which is commonly used in malicious PDFs to deliver payloads or redirect users. The specific ClamAV detection name 'Pdf.Exploit.Agent-36121' is included as a primary IOC.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0007_000.js (SHA-256: 45fd45803b97712f336943067ca8f975a32e1ae4d23ccfd9430a29da8f916d6e) | pdf-javascript-stream | PDF /JS object 7 at offset 0xA86 | 306 bytes