Malicious PDF — malware analysis report

Static analysis result for SHA-256 4565820d8d2e1827…

Verdict: MALICIOUS
File type: PDF
Size: 16.2 KB
MD5: 5ebc7e3f043025d776b3902d1fca2ed8
SHA-1: 02fcb2f1ed8a757c04e958b309c0079ab9eb0269
SHA-256: 4565820d8d2e1827798c9d66493d17d9d654d95f745151c6cb7dcfa219871fdc
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The PDF contains embedded JavaScript, identified by heuristics and ClamAV detection as Pdf.Exploit.Agent-36324. This JavaScript is likely designed to exploit a vulnerability within the PDF reader, leading to the execution of malicious code. The primary IOC is the ClamAV detection signature.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36324 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36324
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0076_000.js
    SHA-256: 21837dc0d0fcdfe6575af7c9fb55015f8e4944b9e39b1826e064551a18d625e7
    Kind: pdf-javascript-stream
    Source: PDF /JS object 76 at offset 0x2D4
    Size: 15637 bytes