PDF malware analysis — malicious · fea078e0a13fe433

MALICIOUS

PDF

3.3 KB

MD5: 349714765d3d4b171192f3b24286cac6 SHA-1: 88c3bfdfc8845ea2d234549ea4aab130ba5e5127 SHA-256: fea078e0a13fe4332c2ae1d819ea9ebb65d3b6fdcafa335f8abc9795b9acb032

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically detecting 'Pdf.Exploit.Agent-36121'. Analysis revealed embedded JavaScript, indicating an attempt to exploit vulnerabilities within the PDF reader. The JavaScript's purpose is to execute malicious code, likely leading to further compromise.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `c677a1a5ed81ff053f9723c6f1afced36c730f38ea035f19b2c50cb4653f7557`	pdf-javascript-stream	PDF /JS object 7 at offset 0xA84	378 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.