Malicious PDF — malware analysis report

Static analysis result for SHA-256 563fc67dd160285d…

MALICIOUS

PDF

12.6 KB
MD5: 6d4c7a50aea22a4e45c89ecd3eee24ee
SHA-1: 2b8a9eaf2432027b2be5d947602f4ee4e49141e2
SHA-256: 563fc67dd160285d6272c5b2e026b138ac032f265cfbb2deaaafbeb8783a0e44

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript

The file is identified as a malicious PDF by ClamAV. Static analysis revealed embedded JavaScript, which is often used to exploit vulnerabilities or download additional malicious content. The embedded JavaScript is the primary indicator of malicious activity.

Heuristics 3

  • ClamAV: Win.Trojan.Agent-36280 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Agent-36280
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js (hash: 814a00701eac9ac737e86cd8300573e67119f7a4d343001455e473cbe10de84b)
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x383
Size: 11745 bytes