PDF malware analysis — malicious · 20801db373a81cf6

MALICIOUS

PDF

4.4 KB

MD5: 538f6e07a9e94981249e299f3bcdf4cc SHA-1: 84dbb66f268c223a0a401a67a722f67729073ffb SHA-256: 20801db373a81cf62ec85de5d2a168f5f42d578a637e3f373eb900766b403c75

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as Pdf.Exploit.Agent-36898 strongly suggests it's a malicious PDF exploiting a vulnerability. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, which is a common attack pattern for such documents. No specific family could be identified.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36898 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36898
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0020_000.js` `6ed4f261c79203f53fadb76c4349bfa45ddb4e741a27bdae8309c6623232f6bb`	pdf-javascript-stream	PDF /JS object 20 at offset 0xDE2	232 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.