Malicious PDF — malware analysis report

Static analysis result for SHA-256 fd7be9bf172aa098…

MALICIOUS

PDF

8.9 KB
MD5: 485cec17d96ce76afe02944783463c2a
SHA-1: e51c03d40229ed7d80d289d807a3e505c149efbc
SHA-256: fd7be9bf172aa098ee41bd44b6424f1c3e451130df711601513cdd14f670f697
Risk Score: 130

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The PDF file was flagged by ClamAV as Win.Exploit.Fnstenv_mov-1, indicating it contains a known exploit. A PDF launch action was also detected, which is commonly used to trigger exploits within PDF documents. The ML classifier also strongly indicated maliciousness. No document body text was available for further analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (2)

  • ClamAV: Win.Exploit.Fnstenv_mov-1 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Exploit.Fnstenv_mov-1
  • Launch action | high | PDF_LAUNCH
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous