PDF / .PHP malware analysis — malicious · 409db67681ebc5c7

MALICIOUS

PDF / .PHP

11.6 KB

MD5: c6cde3d82cb12dbc50253d22e4506c0f SHA-1: fdb25e2f1dd472c32dc4a589e307c8ac69485d7c SHA-256: 409db67681ebc5c705ac79b7b039fdb09bfce42dc4d1d863cd65cfe59b81e6cf

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is detected as malicious by ClamAV with the signature Pdf.Exploit.Agent-23345. Static analysis identified embedded JavaScript, indicating an attempt to exploit PDF vulnerabilities. The JavaScript is likely responsible for downloading and executing a second-stage payload.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-23345 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-23345
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0087_000.js` `1ad7d83670b159cffdd8065ea319887676a7273c62d76bc12762ead799dcff19`	pdf-javascript-stream	PDF /JS object 87 at offset 0x105	28720 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.