Malicious PDF — malware analysis report

Static analysis result for SHA-256 f11b051960f9c0bc…

MALICIOUS

PDF

8.9 KB
MD5: e7a0184312a8787e3aa12b523e22b790
SHA-1: 2c686528f8589fffbb5a24ab2075398c6afc53b4
SHA-256: f11b051960f9c0bc07d2ae96a198a0c89746b3a097e891ea2f8f338c07e206f7

Risk Score: 130

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is a PDF document flagged by ClamAV as Win.Exploit.Fnstenv_mov-1, indicating it likely exploits a known vulnerability. The PDF_LAUNCH heuristic further confirms the presence of an embedded action designed to trigger an exploit. The ML classifier also strongly indicates maliciousness. No document body text or scripts were extracted, but the exploit detection is sufficient for a high-confidence assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (2)

  • ClamAV: Win.Exploit.Fnstenv_mov-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Exploit.Fnstenv_mov-1
  • Launch action (high, PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous