PDF malware analysis — malicious · 4414d77a7bda206f

MALICIOUS

PDF

12.5 KB

MD5: 7f5e5bbd30f9bb0ff9479c6c433953c1 SHA-1: 7cc3e47d9c80eb043c745489c9cba8809fd044a3 SHA-256: 4414d77a7bda206f8e4b4ccbe5d103f55e3b317c11e950ba2bdd66dea1a0c5d3

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious JavaScript

The PDF contains embedded JavaScript, indicated by heuristic firings for PDF_JAVASCRIPT and PDF_JS. ClamAV detection as Pdf.Exploit.Agent-36723 further confirms its malicious nature. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to execute malicious code.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36723 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36723
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `d7e9214f87b0020bd2c5b12686d977fe2cc018e2ff74eac32f35aa7aff5daa81`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11704 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.