Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c9358a87e78903a…

MALICIOUS

PDF

44.9 KB
Authoring application: substr
MD5: 5d32a0edbcf3ff7c53fff0437d254106
SHA-1: 4500367c8fcc72258b84138f7f9ca0dba177bf4d
SHA-256: 2c9358a87e78903ac85740e6d2d91c945ce35ee6ab579e6183c451d2aa646e00
Risk Score: 76

Malware Insights

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection further confirms its malicious nature. The embedded JavaScript is likely intended to execute malicious code, although the specific payload or delivery mechanism cannot be determined from the provided evidence. The document body text 'substr split test' does not provide further context on the lure.

Heuristics (3)

  • ClamAV: Pdf.Malware.Agent-7659010-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Malware.Agent-7659010-0
  • JavaScript action | low | PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream | low | PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0001_000.js (89512ba6fbc208ef8ec52b8f65d1486659974b7a8e31a70893013741f4d4cfce) | pdf-javascript-stream | PDF /JS object 1 at offset 0xB106 | 423 bytes