Malicious PDF — malware analysis report

Static analysis result for SHA-256 2b79b4bf2ef3f747…

Verdict: MALICIOUS
File type: PDF
Size: 2.4 KB
MD5: 552f1c22bb117159e2b574f0970e5ffc
SHA-1: 1d0b4ead7e8344f65cde13936ad1205ad0e01a0a
SHA-256: 2b79b4bf2ef3f747e3eb777eb10e4b226c3067ef8936c135c17cc0d19290e2fc
Risk score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell (as tagged by the scanner). Nothing in this report describes PowerShell activity; the only behaviour actually observed, embedded JavaScript, corresponds to T1059.007 (Command and Scripting Interpreter: JavaScript). Treat the PowerShell mapping as unsupported until the script content is recovered and shows a PowerShell stage.

The PDF contains embedded JavaScript: two heuristics fired, one on a /JavaScript action and one on a referenced /JS stream, and ClamAV matched the file against its signature Pdf.Exploit.Agent-36895. That signature name is a generic family detection and does not identify a specific CVE or reader version; what it does establish is that the file's structure matches a known exploit pattern rather than an ordinary interactive form. At 2.4 KB the document has essentially no room for legitimate page content, which is consistent with the JavaScript being the whole point of the file. The script is most likely intended to exploit a vulnerability in the PDF reader to execute code on the victim's machine, but the report does not establish which vulnerability or what the payload is. The document body was unreadable and the /JS stream content was not decoded (the report does not say why; compressed, encoded or deliberately corrupted streams are all common causes), so the exact payload and any follow-on stages remain unknown. Confirming the payload requires inflating the stream objects and extracting the script; that is also the check that settles whether the low-severity JavaScript heuristics are looking at a benign form or at the carrier for the exploit.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36895 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware under the signature Pdf.Exploit.Agent-36895. This is the only critical-severity finding and the one the verdict rests on.
  • JavaScript action (severity: low; rule: PDF_JAVASCRIPT)
    The PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low; rule: PDF_JS)
    The PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules. Because no script content was decoded here, none of those API rules could fire, so the low scores say nothing about what the script actually does.
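The triage step the summary says was not completed, as an added example (this is not code from the original report or its scanner): a raw-byte scanner that counts the keywords the three heuristics key on, undoes PDF name escapes such as /Java#53cript that hide /JavaScript from a naive grep, inflates FlateDecode streams while tolerating a corrupt tail, and pulls out the script each /JS entry carries inline or by object reference. The function names and the sample PDF it builds are assumptions of this example, not artefacts of the analysed file.

```python
"""Static triage of a PDF for the indicators this report's heuristics fire on:
/JavaScript actions, /JS streams and the auto-run triggers that launch them.
Added example with hypothetical helper names; not part of the original report."""
import re
import zlib

# Carriers of script plus the triggers that run it without user interaction.
KEYWORDS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")

NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalise_names(dictionary: bytes) -> bytes:
    """Undo PDF name escapes (#53 -> 'S') so /Java#53cript is seen as /JavaScript.
    Applied only to object dictionaries, never to stream bodies."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), dictionary)


def inflate(raw: bytes) -> bytes:
    """Inflate a FlateDecode stream, keeping whatever decoded if the tail is corrupt
    (a damaged stream is a common reason a report shows no script content)."""
    d = zlib.decompressobj()
    out = bytearray()
    try:
        for i in range(0, len(raw), 64):
            out += d.decompress(raw[i:i + 64])
        out += d.flush()
    except zlib.error:
        pass  # stop at the first bad block; partial output is still useful
    return bytes(out)


def count_keywords(text: bytes) -> dict:
    """Count each keyword as a whole name, so /JS does not match inside /JSX."""
    return {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", text))
            for k in KEYWORDS}


def triage(data: bytes) -> dict:
    """Scan every object: normalise its dictionary, decode its stream, then count
    keywords and pull out the script each /JS entry carries or references."""
    decoded = {}   # object number -> stream body after any FlateDecode
    regions = []   # the bytes that keyword matching runs over
    for m in OBJ_RE.finditer(data):
        num, body = int(m.group(1)), m.group(3)
        s = STREAM_RE.search(body)
        head = normalise_names(body[:s.start()] if s else body)
        regions.append(head)
        if s:
            content = inflate(s.group(1)) if b"/FlateDecode" in head else s.group(1)
            decoded[num] = content
            regions.append(content)
    text = b"\n".join(regions)
    scripts = list(re.findall(rb"/JS\s*\((.*?)\)", text, re.DOTALL))  # inline literal
    for ref in re.findall(rb"/JS\s+(\d+)\s+\d+\s+R", text):          # indirect stream
        scripts.append(decoded.get(int(ref), b""))
    return {
        "raw": count_keywords(data),       # what a naive grep over the file sees
        "decoded": count_keywords(text),   # after name unescaping and inflation
        "scripts": [x.decode("latin-1") for x in scripts if x],
    }


def build_sample() -> bytes:
    """Constructed sample (not the analysed file): a near-empty PDF whose
    /OpenAction runs JavaScript held in a FlateDecode stream, with one name
    escaped to dodge a naive grep for /JavaScript."""
    js = b"var s = 'constructed sample payload'; app.alert(s);"
    packed = zlib.compress(js)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 1 1] >>",
        b"<< /S /Java#53cript /JS 5 0 R >>",  # #53 is 'S': still /JavaScript
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
        + packed + b"\nendstream",
    ]
    pdf = b"%PDF-1.4\n"
    for n, obj in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % n + obj + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%EOF\n"


if __name__ == "__main__":
    result = triage(build_sample())
    for scope in ("raw", "decoded"):
        print(scope, {k: v for k, v in result[scope].items() if v})
    for script in result["scripts"]:
        print("script:", script)
```

Run against a real sample, the gap between the `raw` and `decoded` counts is itself a signal: a file whose /JavaScript only appears after unescaping or inflation has been built to evade the kind of grep-level heuristic this report relies on. The inline-literal extraction does not balance nested parentheses and the scanner ignores object streams (/ObjStm) and non-Flate filters, so an empty `scripts` list means "not found by this pass", not "no script".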