Malicious PDF — malware analysis report

Static analysis result for SHA-256 e7511cd94e3dc69f…

MALICIOUS

PDF

8.9 KB
MD5: f9a4638d2a1303372740a21e9309b96e
SHA-1: e830842e014a8a8c23037f6ef6bfcce4960a8f6d
SHA-256: e7511cd94e3dc69fcbaeb078220a0386018788a65757902def993eafebda8e1f
Risk Score: 130

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File: User Execution
  • T1566.002 Phishing: Spearphishing Attachment

The PDF file was flagged by ClamAV as Win.Exploit.Fnstenv_mov-1, indicating it likely exploits the Fnstenv_mov vulnerability. A PDF launch action was also detected, which is commonly used to trigger exploits. The ML classifier strongly supports the malicious verdict. No document body or scripts were extracted, but the exploit detection is sufficient for a high-confidence assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 2

  • ClamAV: Win.Exploit.Fnstenv_mov-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Exploit.Fnstenv_mov-1
  • Launch action high PDF_LAUNCH
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous