PDF malware analysis — malicious · 5174253e59c1bd7d

MALICIOUS

PDF

3.3 KB

MD5: 3e4603e875e9552a417296edc72f265f SHA-1: b0c0788a46acf9878e7735d052f4649fe8a9dac2 SHA-256: 5174253e59c1bd7d51ac2d9824441133f45153b5ee938bf9bf2ad1bfe2dd4564

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious JavaScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as Pdf.Exploit.Agent-36121 further confirms its malicious nature. The embedded JavaScript is likely responsible for executing the exploit, leading to the malicious verdict. No document body text was available for further analysis.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `5b5c41ca640c65447d1e882157f23b2c825a4ff523b3d5a1740fc76e6fef2fa7`	pdf-javascript-stream	PDF /JS object 7 at offset 0xA85	334 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.