PDF malware analysis — malicious · 49fb664d6a758438

MALICIOUS

PDF

3.3 KB

MD5: 5937b5e7a90634f94789aedc5a4895e6 SHA-1: ba3c6f736edb888650f6ba3d6799ef26eaa088c0 SHA-256: 49fb664d6a75843882a4a4923ecda7d934be0a0b10a4a435ed2bcd716d9f9e33

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution: Malicious Link

The PDF file contains embedded JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as 'Pdf.Exploit.Agent-36121' further confirms its malicious nature. The embedded JavaScript is likely responsible for executing the exploit, leading to the malicious behavior. The exact functionality of the JavaScript could not be determined due to obfuscation, but it is the primary vector for exploitation.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `44a0c08e0961c1d72f6f21c5070ec8a279ce23563481fb38a8c07926ce81daca`	pdf-javascript-stream	PDF /JS object 7 at offset 0xA7D	306 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.