PDF malware analysis — malicious · 25f64520bdcceffe

MALICIOUS

PDF

12.4 KB

MD5: 850bbd8074b19990601c71ed001d2bec SHA-1: 1578c23b919a69d594d4ba9131fc3d493b2e5657 SHA-256: 25f64520bdcceffe906f834bc37def78a36dae5f7dd19c8ba93b1bad016e03ca

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file was detected as malicious by ClamAV with the signature Win.Trojan.Agent-36281. It contains embedded JavaScript, indicated by heuristic firings for PDF_JAVASCRIPT and PDF_JS. This JavaScript is likely designed to download and execute a second-stage payload, contributing to the overall malicious nature of the document.

Heuristics 3

ClamAV: Win.Trojan.Agent-36281 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Agent-36281
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `d3ae21eb973add1ac52f983a336ec7d49c03f70a4a8b4a608d0f0baa1d92658a`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11564 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.