Malicious PDF — malware analysis report

Static analysis result for SHA-256 3ffabf5b0819ad54…

MALICIOUS

PDF

11.8 KB
MD5: 4f8419bffdcb3abd0a876739d4f839fb
SHA-1: 013579899cb08a4561c9270f729141f71f63c477
SHA-256: 3ffabf5b0819ad54aaaebcc14c1257e780162d22e919b6d79c26fa7caff080ae
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious PDF by ClamAV with the signature Pdf.Dropper.Agent-5341868-0. Static analysis detected embedded JavaScript streams within the PDF structure. This indicates the PDF is designed to execute malicious scripts, a common technique for delivering secondary payloads or exploiting vulnerabilities. The presence of JavaScript actions and streams strongly suggests an intent to download and execute further malicious content.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-5341868-0 [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-5341868-0
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0087_000.js
          e54e98d5d4fae1e10decc7897c3214ea0929461ecd8658af3c1ef39bb3e643ce
Kind:     pdf-javascript-stream
Source:   PDF /JS object 87 at offset 0x105
Size:     28774 bytes