PDF malware analysis — malicious · 42c040cfd07c27bf

MALICIOUS

PDF

3.3 KB

MD5: cc95aba8191170b8edfabd7603329b9c SHA-1: b546e98618a8f16ec8c120ba701a8e3691eb51ce SHA-256: 42c040cfd07c27bf20caac7dac210bc780631d5e26d8f0b10c5cc18109336a5f

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection further confirms its malicious nature, identifying it as Pdf.Exploit.Agent-36121. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to execute malicious code, potentially leading to further compromise.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `c82b72dfb74215418db4c92290660f853abdc1995a70754f72cb524f0fb6ba82`	pdf-javascript-stream	PDF /JS object 7 at offset 0xA87	380 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.