Malicious PDF — malware analysis report

Static analysis result for SHA-256 44889db2a227fe99…

MALICIOUS

PDF

3.2 KB
MD5: 725b2906868fedd74d50e75be8e5f4fe
SHA-1: afb22f522e609824c980f2ce488e9b95637ac854
SHA-256: 44889db2a227fe99d40e5317486cdf6a793e2cfc0b3181b1d80c64dff8fa759b
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious JavaScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection confirms it as Pdf.Exploit.Agent-36121. The embedded JavaScript is likely responsible for executing the exploit, leading to a malicious outcome. No specific family could be identified.

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0007_000.js
    bbf0b4a4484e9aade41d4e84ee4260d5e6195cae1220256d058212eec193ee9e
    Kind: pdf-javascript-stream
    Source: PDF /JS object 7 at offset 0x9C1
    Size: 440 bytes