PDF malware analysis — malicious · 4ae1f85f86f6654c

MALICIOUS

PDF

6.6 KB Authoring application: Tisilarehaue (via 6c6c8Tibedegabala)

MD5: 31d5648d65fc598a133974f1c8d0ac9c SHA-1: 3c95cd9aa011590b9980c7c433de24007c898eec SHA-256: 4ae1f85f86f6654c29555af44511a0414f4c307435fef8f0bd2c2f43cf720409

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious Link

The critical ClamAV heuristic indicates this PDF is recognized as malware (Pdf.Exploit.Agent-36142). Low-level heuristics also detected embedded JavaScript, suggesting an exploit attempt. The JavaScript is likely responsible for executing the malicious payload, though its exact function is obscured by obfuscation. The document body is unreadable, providing no further context on the lure.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36142 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36142
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `d4dce4f95f7146e3b127d68edf45ceb045483a205d9e9a2a53d6e6b80d83b663`	pdf-javascript-stream	PDF /JS object 10 at offset 0x1230	1728 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.