Malicious PDF / .PHP — malware analysis report

Static analysis result for SHA-256 4168bb3cf389d730…

Verdict: MALICIOUS

File type: PDF / .PHP

File size: 3.2 KB

MD5: 5b7c2ba8d4714373edea053c90fe7695
SHA-1: 5d96085dc7256af4017f42f01a8d93bcf230fda4
SHA-256: 4168bb3cf389d730ccd9b60e3957cc0e48d5755dcb50584f863ee0e78a5fee5b

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell
T1204.002 User Execution: Malicious File

The file is identified as malicious by ClamAV with the signature Pdf.Exploit.Agent-36121. Static analysis found JavaScript embedded in the PDF (a /JavaScript action and a /JS stream), which points to an attempt to exploit a vulnerability in the PDF reader; the two JavaScript heuristics listed below support this. The exact payload or exploit mechanism could not be fully determined, most likely because of obfuscation, but the presence of JavaScript strongly suggests an attack pattern involving code execution.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
SHA-256:  a272c9c60f322edd810331d7e9c013097cc2b5515a4977d5a3244382cca7609d
Kind:     pdf-javascript-stream
Source:   PDF /JS object 7 at offset 0x9CB
Size:     469 bytes