Malicious PDF — malware analysis report

Static analysis result for SHA-256 371d0f4cf00e91b3…

Verdict: MALICIOUS
File type: PDF
Size: 12.4 KB
MD5: 73d3e5f8673d6720d4cc1f88a7c84eab
SHA-1: 4481dbbb37cb8787b1d502d7dc51b6a66c27b86c
SHA-256: 371d0f4cf00e91b35288a80b0ca5b4003084625827dce1a8bac4f49275f5f0de
Risk score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 JavaScript/JScript
  • T1204.002 Malicious File

The file is a PDF containing embedded JavaScript, a common technique for exploiting vulnerabilities in PDF readers. The critical ClamAV heuristic 'Pdf.Exploit.Agent-36722' strongly indicates malicious intent, likely involving execution of a second-stage payload via the JavaScript. No document body or specific script content was available for further analysis, so the payload's behaviour could not be characterised beyond the signature match.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36722 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36722
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256:  e5d70ed15228ce017c29752bf7c2deeb284d75a5e4f447da7218b89d00a50b8a
Kind:     pdf-javascript-stream
Source:   PDF /JS object 76 at offset 0x369
Size:     11611 bytes