Malicious PDF — malware analysis report

Static analysis result for SHA-256 3b81661e916801db…

Verdict: MALICIOUS
File type: PDF
Size: 11.1 KB
Created: 2009-08-23 19:47:07
Authoring application: Win32 12.3.0.0 (via PDF Library 4.5.1.5)
MD5: 43ca47f04fe08473b9ec3b696aae8551
SHA-1: 3a559c7e6c0d2b0f6c11421f12cc815a81897ef7
SHA-256: 3b81661e916801dbe54edc2382c7ffc31bf0c83b71d4fdc2b0fd576a08f801af
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The critical ClamAV heuristic identified the file as 'Pdf.Dropper.Agent-7251381-0', indicating that it functions as a dropper. Two low-severity heuristics also detected embedded JavaScript, suggesting the PDF is designed to execute a script when opened. The document body content is unreadable, but the presence of JavaScript combined with the ClamAV detection strongly implies that the PDF's purpose is to download and execute a second-stage payload.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7251381-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7251381-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0014_000.js
    SHA-256: 4d4c82dba4af58c94ceb15a7d12db1ca94d02878a86d8530bb05044ed853783e
    Kind: pdf-javascript-stream
    Source: PDF /JS object 14 at offset 0x398
    Size: 183360 bytes