Malicious PDF — malware analysis report

Static analysis result for SHA-256 fdbe3974acf21528…

MALICIOUS

PDF

16.7 KB Created: 2010-03-10 18:13:05 Authoring application: Cwafodamokfeufo
MD5: a7387d343184f824d89408ef727e3dcc SHA-1: 8e7bc70998d6feae3f679b0a95f1e83f8d4adc5b SHA-256: fdbe3974acf2152826eafe94adee6ceff2f6f64f5dc39e425ade97ca1fb95b91
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The file was identified as malicious by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Agent-15800' and an ML classifier with a high confidence score. The presence of embedded JavaScript further indicates malicious intent, likely to exploit a PDF vulnerability and execute a payload. No specific family could be identified, but the exploit nature is clear.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-15800 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-15800
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0024_000.js
d4154f8d42f087e077da148c704a3763ea51fe97cb9998052625917058fb0f91		 pdf-javascript-stream PDF /JS object 24 at offset 0x33A2 1101338 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.