PDF malware analysis — malicious · 325b8afa332eaf76

MALICIOUS

PDF

9.9 KB Created: 2009-11-08 08:48:39 Authoring application: rBitUCKIFVxsX (via bxhhEpxQQTEQGMAl)

MD5: 79d3537fef111fdfc9562ce0269cd566 SHA-1: 456d40b468ae6f843ad6321a77b81c570fab3011 SHA-256: 325b8afa332eaf76aad95ef457a89f696905f6755a40746d6ac0d24556c9af1d

78 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF document identified by ClamAV as Pdf.Exploit.Agent-35572. Static analysis detected embedded JavaScript, indicating an attempt to exploit a vulnerability within the PDF reader. The JavaScript is obfuscated, but its presence and the ClamAV signature strongly suggest the execution of a malicious payload. The document body contains seemingly random text, offering no contextual clues about the lure.

Heuristics 4

ClamAV: Pdf.Exploit.Agent-35572 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-35572
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `ba50b0b9d130779be0d7b558f3518b5f1e02842cb418aa426f141e8656060cb8`	pdf-javascript-stream	PDF /JS object 7 at offset 0x2EB	8599 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s).

Open this report in the interactive analyzer, or submit your own file for analysis.