PDF malware analysis — malicious · 23fa38efcc0b23cb

MALICIOUS

PDF

3.2 KB

MD5: 319884d1374b82db52695b9b3267737a SHA-1: 2b65ddc121358fb732afffa227033bb1fd7bba09 SHA-256: 23fa38efcc0b23cb979eb7c084dc874523d9c99b4af536a0d9f7be38a3677bf7

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as 'Pdf.Exploit.Agent-36121' strongly suggests exploitation of a known PDF vulnerability. The embedded JavaScript is the likely mechanism for delivering the exploit, although its specific actions could not be determined due to obfuscation or truncation. The primary IOC is the ClamAV detection signature.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `e1852452bb0b9aab4400068e52249d951e532c53f65e452dd6a27a8c0d2ebfff`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9C6	472 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.