Malicious PDF — malware analysis report

Static analysis result for SHA-256 42d4998069838d72…

MALICIOUS

PDF

44.8 KB
MD5: 95ff989c07e7108f571ba527b0125e72 SHA-1: f1a09f8e4ad8e690d4dca3a880bd9860af109c67 SHA-256: 42d4998069838d728072faea592425ad0abca8541e8be9dcec933a3fe2a0c74b
76 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious JavaScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The embedded JavaScript is likely intended to perform malicious actions, such as downloading and executing a second-stage payload. The ClamAV detection further supports its malicious nature. However, the specific actions of the JavaScript could not be fully determined due to potential obfuscation or truncation.

Heuristics 3

  • ClamAV: Pdf.Malware.Agent-7658986-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Malware.Agent-7658986-0
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0001_000.js
471805dc0119bad8f7d8dbef1d1537eddbe7d68ac1882a97899b500e8f3ae501		 pdf-javascript-stream PDF /JS object 1 at offset 0xAFAD 607 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.