PDF malware analysis — malicious · 494abbbaca32584f

MALICIOUS

PDF

12.3 KB

MD5: 6e4e2ed640ac10b95163e63bc7f085d0 SHA-1: ebbd20113b3b382fc4e9284a35b6192c8e4a9d08 SHA-256: 494abbbaca32584f6702302fbbe630216212d925147f6988f43435338d12327e

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings. ClamAV detection identifies it as Win.Trojan.Agent-36280, suggesting a known malware variant. The embedded JavaScript is likely responsible for the malicious activity, potentially downloading and executing a secondary payload.

Heuristics 3

ClamAV: Win.Trojan.Agent-36280 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Agent-36280
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `2eb84b3d2b740e670d4f44885bc7e32b6c327db1eb04eb183de5979120a6decd`	pdf-javascript-stream	PDF /JS object 76 at offset 0x383	11489 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.