PDF malware analysis — malicious · 58024015a814d75a

MALICIOUS

PDF

12.5 KB

MD5: 5b376cde1d0e787725117c2c2c09e35b SHA-1: 7cf66ea4d73caf2db16371d28ad20887b0a72eac SHA-256: 58024015a814d75ab85c92f823177d66973df6c42570bef360b1f933705bb995

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF contains embedded JavaScript, indicated by heuristic firings for PDF_JAVASCRIPT and PDF_JS. ClamAV detection as Win.Trojan.Agent-36280 confirms its malicious nature. The embedded JavaScript is likely intended to download and execute a secondary payload, a common technique for malware delivery.

Heuristics 3

ClamAV: Win.Trojan.Agent-36280 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Agent-36280
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `8e46bc3c53415754a9c779a8276b2c1f5da4bc89e84c5f94bd7f278acf41ed40`	pdf-javascript-stream	PDF /JS object 76 at offset 0x383	11693 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.