PDF malware analysis — malicious · fdf99e4f54d0ab36

MALICIOUS

PDF

12.1 KB

MD5: c82a8181a10d7a04365d12e752da7f49 SHA-1: 1c8c3aca900465cf7aba48593292a2993dd1938d SHA-256: fdf99e4f54d0ab3682dd6d8121c4bc4a4730bfdd691fc4dca072511ae82b4a85

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

This PDF file was flagged as malicious by ClamAV and a machine learning classifier, indicating a high likelihood of malicious intent. The presence of embedded JavaScript, identified by heuristics, suggests an attempt to exploit vulnerabilities within the PDF reader to execute arbitrary code. The embedded JavaScript file, 'javascript_obj0076_000.js', is the primary artifact likely responsible for initiating the malicious execution chain, potentially downloading further stages.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36723 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36723
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `93f9ec1a28af92116d2277493a007028796f808b3ef954e25453dd05d4880576`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11282 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.