PDF malware analysis — malicious · 1cbacb0a1030141c

MALICIOUS

PDF

12.1 KB

MD5: 5470ce7b6fe318d9d1048ffb3b3576d6 SHA-1: dcdc8f148983473d58a8c9ac0d873fac6f206143 SHA-256: 1cbacb0a1030141c9304fe232190fbb44cb4739d6ca008ddb8550e10c0429c30

78 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings related to PDF JavaScript actions and streams. ClamAV detection confirms its malicious nature, identifying it as Pdf.Malware.Agent-7863673-0. The embedded JavaScript is likely designed to perform malicious actions, such as downloading and executing a second-stage payload.

Heuristics 4

ClamAV: Pdf.Malware.Agent-7863673-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Malware.Agent-7863673-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `d9693c4780ee0a89af6e39b521ca58c07322078d12b196c3b359c07fd3963a11`	pdf-javascript-stream	PDF /JS object 76 at offset 0x330	11353 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.