PDF malware analysis — malicious · ea13c2eb295a1f7b

MALICIOUS

PDF

3.2 KB

MD5: dcab6a59d1e95dde4792e11db205a9a2 SHA-1: c8c425d8d308b1a9bd0448896341cc415b1123b3 SHA-256: ea13c2eb295a1f7bfe5d4af87017a26a9cde9469e01b89aa12ea790caa9a7539

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically detecting 'Pdf.Exploit.Agent-36121'. Embedded JavaScript was found, indicating an attempt to execute malicious code. The primary attack pattern involves leveraging a PDF exploit to run this embedded script.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `472c9507483757fcbb9a8badb13592a8d3d9a0c4b73b886cf0a8c804367293ab`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9C7	500 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.