Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa03d29909110060…

MALICIOUS

PDF

3.2 KB
MD5: f0dae297a692cb4d06024dbc94fdcfca
SHA-1: 02196925785a2e904f1f9af9f3a1fb09e7cc75db
SHA-256: fa03d299091100605748ea30ff2245cb083f36cefb62b87fd6410a28102035b5
106 Risk Score

Malware Insights

The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating it contains an exploit. Embedded JavaScript, detected by heuristics, is likely responsible for executing the exploit. The JavaScript stream is the primary mechanism for delivering the malicious payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
          30f438afc79f9cf1a0ef28e48f2f38101ac978cd7b94cae9c20e5940c4f065a0
Kind: pdf-javascript-stream
Source: PDF /JS object 7 at offset 0x9C6
Size: 467 bytes