PDF malware analysis — malicious · 3ee0877a0babc6de

MALICIOUS

PDF

6.6 KB Authoring application: Tisilarehaue (via 9ec1cTibedegabala)

MD5: 155a16019fde634249e8ece105a66dc4 SHA-1: 51e4c1ba188772e313099612d864863796109248 SHA-256: 3ee0877a0babc6de7477111b1c3a6e97c37a9abf4eb1b85a4781cc9ba0ca7d3c

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The critical ClamAV heuristic indicates this PDF is recognized as malware (Pdf.Exploit.Agent-36142). Low-severity heuristics confirm the presence of embedded JavaScript, which is a common vector for PDF exploits. The embedded JavaScript stream is likely responsible for executing the malicious payload, although its specific actions are not detailed in the provided evidence. The document body is heavily obfuscated and does not provide clear user-facing content.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36142 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36142
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `d4dce4f95f7146e3b127d68edf45ceb045483a205d9e9a2a53d6e6b80d83b663`	pdf-javascript-stream	PDF /JS object 10 at offset 0x1230	1728 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.