PDF malware analysis — malicious · ee9268c6685238f5

MALICIOUS

PDF

3.2 KB

MD5: e266a470aea862ca8bad8ea27ac2c58c SHA-1: 64e50220a11eeb964253b0e77a61d961c4a5a333 SHA-256: ee9268c6685238f5b3138014545179ee8edc6c668ce9de542c36b3f18a1b4a86

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

This PDF file was flagged as malicious by ClamAV and an ML classifier, indicating a high likelihood of exploit. Embedded JavaScript, identified as 'javascript_obj0007_000.js', is present and likely responsible for executing the exploit. The specific exploit and its payload are not detailed in the provided evidence, but the presence of JavaScript in a PDF commonly leads to arbitrary code execution.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `8b02934b1f444d6636e9cf18fea9a2985affaeded2d5c7e912326617b10388ab`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9D6	489 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.