PDF malware analysis — malicious · 5379e9c917ae8b67

MALICIOUS

PDF

6.5 KB Authoring application: Tisilarehaue (via 803c5Tibedegabala)

MD5: a58a863a1ebcd8abde8076fedda12e3b SHA-1: 3fbbdd5e934e0d1cf146b3c15855ffd823e9e9c0 SHA-256: 5379e9c917ae8b67777e86ec82bb0277340a7e7e7201b72396bd022b2fcdb516

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The critical ClamAV detection and the presence of embedded JavaScript strongly indicate a malicious PDF. The JavaScript action and embedded JS stream heuristics confirm the exploitability of the PDF. The embedded JavaScript, though not fully detailed here, is the primary mechanism for delivering the malicious payload, likely involving the download and execution of further malware. The document body is heavily obfuscated and unreadable, providing no direct clues to the lure.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36142 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36142
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `d4dce4f95f7146e3b127d68edf45ceb045483a205d9e9a2a53d6e6b80d83b663`	pdf-javascript-stream	PDF /JS object 10 at offset 0x1230	1728 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.